XSS脆弱性があります。
ページ一覧部分のパッチ:
*** html.php Fri Jun 28 23:39:54 2002
--- /home/seagull/src/PukiWiki/pukiwiki/html.php Fri Jun 28 00:52:15 2002
***************
*** 356,362 ****
  $page2 = strip_bracket($page);
  $pg_passage = get_pg_passage($page);
  $file = encode($page).".txt";
! $retval[$page2] .= "<li><a href=\"$script?$page_url\">".htmlspecialchars($page2,ENT_QUOTES)."</a>$pg_passage</li>\n";
  if($withfilename)
  {
  $retval[$page2] .= "<ul><li>$file</li></ul>\n";
--- 356,362 ----
  $page2 = strip_bracket($page);
  $pg_passage = get_pg_passage($page);
  $file = encode($page).".txt";
! $retval[$page2] .= "<li><a href=\"$script?$page_url\">$page2</a>$pg_passage</li>\n";
  if($withfilename)
  {
  $retval[$page2] .= "<ul><li>$file</li></ul>\n";
----
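Review bot: The direction of this context diff appears inverted: the `***` (old) side carries `htmlspecialchars($page2,ENT_QUOTES)` while the `---` (new) side writes `$page2` raw into the `<a>` body, so applying it as posted would remove the escaping instead of adding it. Judging by the header timestamps the first file is the fixed one, so the patch should be regenerated with the two files swapped or applied with `patch -R`. The escaped form is the right shape for a page name placed in HTML text. The enclosing function starts and ends outside the hunk, so whether `$script` and `$pg_passage` are already safe for HTML output cannot be confirmed from here.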
もいっこ、検索結果
*** func.php Fri Jun 28 23:45:26 2002
--- /home/seagull/src/PukiWiki/pukiwiki/func.php Fri Jun 28 20:40:16 2002
***************
*** 1,6 ****
  <?
  // PukiWiki - Yet another WikiWikiWeb clone.
! // $Id: func.php,v 1.2 2002/06/22 09:31:43 masui Exp $
  /////////////////////////////////////////////////
  // ~~
--- 1,6 ----
  <?
  // PukiWiki - Yet another WikiWikiWeb clone.
! // $Id: func.php,v 1.3 2002/06/28 10:39:57 masui Exp $
  /////////////////////////////////////////////////
  // ~~
***************
*** 57,63 ****
  $word_url = rawurlencode($word);
  $name2 = strip_bracket($name);
  $str = get_pg_passage($name);
! $retval[$name2] = "<li><a href=\"$script?$page_url\">".htmlspecialchars($name2, ENT_QUOTES)."</a>$str</li>";
  }
  }
  else
--- 57,63 ----
  $word_url = rawurlencode($word);
  $name2 = strip_bracket($name);
  $str = get_pg_passage($name);
! $retval[$name2] = "<li><a href=\"$script?$page_url\">$name2</a>$str</li>";
  }
  }
  else
***************
*** 67,73 ****
  $page_url = rawurlencode($name);
  $word_url = rawurlencode($word);
  $name2 = strip_bracket($name);
! $link_tag = "<a href=\"$script?$page_url\">".htmlspecialchars($name2, ENT_QUOTES)."</a>";
  $link_tag .= get_pg_passage($name,false);
  if($non_format)
  {
--- 67,73 ----
  $page_url = rawurlencode($name);
  $word_url = rawurlencode($word);
  $name2 = strip_bracket($name);
! $link_tag = "<a href=\"$script?$page_url\">$name2</a>";
  $link_tag .= get_pg_passage($name,false);
  if($non_format)
  {
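Review bot: Both func.php hunks (57,63 and 67,73) are inverted: the side with `htmlspecialchars($name2, ENT_QUOTES)` is the `***` (old) file and the raw `$name2` sits on the `---` side, so the fix only lands if the patch is applied in reverse. The same anchor markup is escaped by hand at three call sites across html.php and func.php; building the link in one shared helper would keep a later call site from omitting the escape. It is also worth passing the wiki's page encoding as the third argument of `htmlspecialchars()` instead of relying on the default, since the encoding in use is not visible in these hunks. Both enclosing functions start and end outside the hunks.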