Changes 08
META.yml 11
README 11
lib/HTML/Template/Pro.pm 11
perl-HTML-Template-Pro.spec 110
prostate.inc 36
pstrutils.inc 02
templates-Pro/test_esc4.out 11
templates-Pro/test_var3.out 11
9 files changed (This is a version diff) 931
@@ -307,3 +307,11 @@ Revision history for Perl extension HTML::Template::Pro.
 0.9505 Fri Jul  1 13:27:10 EEST 2011
 	- bugfix in perl wrapper: fix in WrapAssociate.pm
 	  thanks to Viktor Bukhtoyarov
+
+0.9506 Tue Oct  4 22:55:35 EEST 2011
+	- file name in logs
+
+0.9507 Fri Dec  9 09:44:49 EET 2011
+	- patch for XSS vulnerability in HTML::Template::Pro
+	  thanks to Shigeki Morimoto shigeki.morimoto mixi.co.jp
+
@@ -1,6 +1,6 @@
 --- #YAML:1.0
 name:               HTML-Template-Pro
-version:            0.9505
+version:            0.9507
 abstract:           Perl/XS module to use HTML Templates from CGI scripts
 author:
     - I. Yu. Vlasenko <viy@altlinux.org>
@@ -1,4 +1,4 @@
-HTML-Template-Pro version 0.9505
+HTML-Template-Pro version 0.9507
 ==============================
 
 DESCRIPTION
@@ -12,7 +12,7 @@ require Exporter;
 use vars qw($VERSION @ISA @EXPORT_OK %EXPORT_TAGS);
 @ISA = qw(DynaLoader Exporter);
 
-$VERSION = '0.9505';
+$VERSION = '0.9507';
 
 @EXPORT_OK = qw/ASK_NAME_DEFAULT ASK_NAME_AS_IS ASK_NAME_LOWERCASE ASK_NAME_UPPERCASE ASK_NAME_MASK/;
 %EXPORT_TAGS = (const => [qw/ASK_NAME_DEFAULT ASK_NAME_AS_IS ASK_NAME_LOWERCASE ASK_NAME_UPPERCASE ASK_NAME_MASK/]);
@@ -6,7 +6,7 @@
 %define module HTML-Template-Pro
 
 Name: perl-%module
-Version: 0.9505
+Version: 0.9507
 Release: alt1
 
 Packager: Igor Yu. Vlasenko <viy@altlinux.org>
@@ -54,9 +54,18 @@ in the Perl script.
 #perl_vendor_man3dir/*
 
 %changelog
+* Fri Dec 09 2011 Igor Vlasenko <viy@altlinux.ru> 0.9507-alt1
+- new version; see Changes
+
+* Tue Oct 04 2011 Igor Vlasenko <viy@altlinux.ru> 0.9506-alt1
+- new version; see Changes
+
 * Fri Jul 01 2011 Igor Vlasenko <viy@altlinux.ru> 0.9505-alt1
 - new version; see Changes
 
+* Mon Nov 08 2010 Vladimir Lettiev <crux@altlinux.ru> 0.9504-alt1.1
+- rebuilt with perl 5.12
+
 * Tue Sep 28 2010 Igor Vlasenko <viy@altlinux.ru> 0.9504-alt1
 - new version; see Changes
 
@@ -4,10 +4,13 @@
 TMPLPRO_LOCAL void log_state(struct tmplpro_state* state, int level, const char *fmt, ...) 
 {
     va_list vl;
+    char* masterpath=state->param->masterpath;
     va_start(vl, fmt);
-    if (state->tag ==HTML_TEMPLATE_NO_TAG) {
-      tmpl_log(level, "HTML::Template::Pro:");
-    } else {
+    tmpl_log(level, "HTML::Template::Pro:");
+    if (masterpath != NULL) {
+      tmpl_log(level, "%s:",masterpath);
+    }
+    if (state->tag !=HTML_TEMPLATE_NO_TAG) {
       tmpl_log(level, "HTML::Template::Pro:in %sTMPL_%s at pos " MOD_TD ": ",
 	  (state->is_tag_closed ? "/" : ""), 
 	   (state->tag>HTML_TEMPLATE_BAD_TAG && state->tag <=HTML_TEMPLATE_LAST_TAG_USED) ? TAGNAME[state->tag] : "", 
@@ -124,6 +124,8 @@ jsencode_pstring (pbuffer* StrBuffer, PSTRING pstring) {
     case '\'' : bufdelta=2; strncpy(buf+offset, "\\'",bufdelta);break;
     case '\n' : bufdelta=2; strncpy(buf+offset, "\\n",bufdelta);break;
     case '\r' : bufdelta=2; strncpy(buf+offset, "\\r",bufdelta);break;
+    case '>' : bufdelta=4; strncpy(buf+offset, "&gt;",  bufdelta);break;
+    case '<' : bufdelta=4; strncpy(buf+offset, "&lt;",  bufdelta);break;
     default: *(buf+offset)=curchar;
     }
     offset+=bufdelta;
@@ -1,5 +1,5 @@
 <H1> test_esc4 </H1>
- \\<>\"; %FAhidden:\r\nend 
+ \\&lt;&gt;\"; %FAhidden:\r\nend 
  
 VAR1
 Some&quot;&#39; Txt&#39;
@@ -8,7 +8,7 @@ end
  \&lt;&gt;&quot;; %FAhidden:
 end 
  
- \\<>\"; %FAhidden:\r\nend 
+ \\&lt;&gt;\"; %FAhidden:\r\nend 
  
 <H1> END test_var3 </H1>
 </body></html>