[Fedora-directory-commits] dsgw/pbconfig list-Auth.html.in,1.1,1.2

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Wed Feb 27 03:36:53 UTC 2008

Author: rmeggins

Update of /cvs/dirsec/dsgw/pbconfig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/pbconfig

Modified Files:
Log Message:
1) There were several places where DSGW would output and eval arbitrary JavaScript code passed in a CGI parameter.  These have been replaced with resource strings.  In all cases the values were output escaped, but still, we shouldn't be passing around bits of JavaScript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input.
6) Do not pass in the LDAP host and port in form parameters.  Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)

Index: list-Auth.html.in
RCS file: /cvs/dirsec/dsgw/pbconfig/list-Auth.html.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- list-Auth.html.in	14 Jan 2008 22:31:23 -0000	1.1
+++ list-Auth.html.in	27 Feb 2008 03:36:50 -0000	1.2
@@ -76,6 +76,9 @@
 <INPUT TYPE="hidden" NAME="authdesturl"
 <!-- DS_POSTEDVALUE "name=authdesturl" "within=VALUE=%22--value--%22" -->
+<INPUT TYPE="hidden" NAME="authdestdn"
+<!-- DS_POSTEDVALUE "name=authdestdn" "within=VALUE=%22--value--%22" -->
 <!-- PCONTEXT -->
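
Review bot: The added authdestdn field echoes a posted value back into a VALUE="..." attribute through DS_POSTEDVALUE, so its safety rests entirely on that directive escaping quotes and angle brackets for an attribute context; nothing in this hunk shows that, and the log message only asserts it in general. Please confirm the escaping covers this parameter and add a test that posts an authdestdn containing a double quote. Because the DN round-trips through a hidden field, it is client-controlled on the next request, and the handler that consumes it should validate it as a DN rather than trust it, in the same spirit as item 6 of the log, which stops taking the LDAP host and port from form parameters. Also, neither INPUT tag has a visible closing ">" here: the authdesturl tag is now followed directly by a new "<INPUT", so unless the DS_POSTEDVALUE directive emits the closing bracket itself, the second field will be parsed as part of the first tag.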
