[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=1462
[commit: http://hg.dwscoalition.org/dw-free/rev/101a5c59af1e]
http://bugs.dwscoalition.org/show_bug.cgi?id=1462
Fix potential XSS issue with s2id getting printed out verbatim.
Patch by
afuna.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=1462
Fix potential XSS issue with s2id getting printed out verbatim.
Patch by afuna.
Files modified:
- cgi-bin/LJ/S2/EntryPage.pm
--------------------------------------------------------------------------------
diff -r ac90389db4e2 -r 101a5c59af1e cgi-bin/LJ/S2/EntryPage.pm
--- a/cgi-bin/LJ/S2/EntryPage.pm Wed Jul 22 01:26:15 2009 +0000
+++ b/cgi-bin/LJ/S2/EntryPage.pm Wed Jul 22 01:28:13 2009 +0000
@@ -39,7 +39,7 @@ sub EntryPage
 my $itemid = $entry->jitemid;
 my $permalink = $entry->url;
 my $stylemine = $get->{'style'} eq "mine" ? "style=mine" : "";
- my $style_set = defined $get->{'s2id'} ? "s2id=" . $get->{'s2id'} : "";
+ my $style_set = defined $get->{'s2id'} ? "s2id=" . int( $get->{'s2id'} ) : "";
 my $style_arg = ($stylemine ne '' and $style_set ne '') ? ($stylemine . '&' . $style_set) : ($stylemine . $style_set);
 if ($u->should_block_robots || $entry->should_block_robots) {
@@ -439,7 +439,7 @@ sub EntryPage_entry
 $nc .= "nc=$replycount" if $replycount && $remote && $remote->{'opt_nctalklinks'};
 my $stylemine = $get->{'style'} eq "mine" ? "style=mine" : "";
- my $style_set = defined $get->{'s2id'} ? "s2id=" . $get->{'s2id'} : "";
+ my $style_set = defined $get->{'s2id'} ? "s2id=" . int( $get->{'s2id'} ) : "";
 my $style_arg = ($stylemine ne '' and $style_set ne '') ? ($stylemine . '&' . $style_set) : ($stylemine . $style_set);
 # load the userpic; include the keyword selected by the user
--------------------------------------------------------------------------------
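Review bot: `int()` on the `$style_set` line coerces the request value instead of validating it, in `EntryPage` and again on the identical line in `EntryPage_entry`. A non-numeric `s2id` becomes 0 and `12abc` becomes 12, so the generated links carry a style id the visitor never supplied, and if warnings are enabled each such request also emits a non-numeric-argument warning. Accepting only a plain decimal id and dropping the parameter otherwise gives the same output safety without inventing a value: `my $style_set = ( defined $get->{'s2id'} && $get->{'s2id'} =~ /\A[0-9]+\z/ ) ? "s2id=" . $get->{'s2id'} : "";`. The three lines that build `$style_arg` are duplicated in both subs, so a small shared helper would keep this sanitisation in one place. Both subs start and end outside the hunks, so any other place that echoes `s2id` is not visible here and is worth checking.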