@@ -307,3 +307,11 @@ Revision history for Perl extension HTML::Template::Pro.
0.9505 Fri Jul 1 13:27:10 EEST 2011
- bugfix in perl wrapper: fix in WrapAssociate.pm
thanks to Viktor Bukhtoyarov
+
+0.9506 Tue Oct 4 22:55:35 EEST 2011
+ - file name in logs
+
+0.9507 Fri Dec 9 09:44:49 EET 2011
+ - patch for XSS vulnerability in HTML::Template::Pro
+ thanks to Shigeki Morimoto shigeki.morimoto mixi.co.jp
+
@@ -1,6 +1,6 @@
--- #YAML:1.0
name: HTML-Template-Pro
-version: 0.9505
+version: 0.9507
abstract: Perl/XS module to use HTML Templates from CGI scripts
author:
- I. Yu. Vlasenko <viy@altlinux.org>
@@ -1,4 +1,4 @@
-HTML-Template-Pro version 0.9505
+HTML-Template-Pro version 0.9507
==============================
DESCRIPTION
@@ -12,7 +12,7 @@ require Exporter;
use vars qw($VERSION @ISA @EXPORT_OK %EXPORT_TAGS);
@ISA = qw(DynaLoader Exporter);
-$VERSION = '0.9505';
+$VERSION = '0.9507';
@EXPORT_OK = qw/ASK_NAME_DEFAULT ASK_NAME_AS_IS ASK_NAME_LOWERCASE ASK_NAME_UPPERCASE ASK_NAME_MASK/;
%EXPORT_TAGS = (const => [qw/ASK_NAME_DEFAULT ASK_NAME_AS_IS ASK_NAME_LOWERCASE ASK_NAME_UPPERCASE ASK_NAME_MASK/]);
@@ -6,7 +6,7 @@
%define module HTML-Template-Pro
Name: perl-%module
-Version: 0.9505
+Version: 0.9507
Release: alt1
Packager: Igor Yu. Vlasenko <viy@altlinux.org>
@@ -54,9 +54,18 @@ in the Perl script.
#perl_vendor_man3dir/*
%changelog
+* Fri Dec 09 2011 Igor Vlasenko <viy@altlinux.ru> 0.9507-alt1
+- new version; see Changes
+
+* Tue Oct 04 2011 Igor Vlasenko <viy@altlinux.ru> 0.9506-alt1
+- new version; see Changes
+
* Fri Jul 01 2011 Igor Vlasenko <viy@altlinux.ru> 0.9505-alt1
- new version; see Changes
+* Mon Nov 08 2010 Vladimir Lettiev <crux@altlinux.ru> 0.9504-alt1.1
+- rebuilt with perl 5.12
+
* Tue Sep 28 2010 Igor Vlasenko <viy@altlinux.ru> 0.9504-alt1
- new version; see Changes
@@ -4,10 +4,13 @@
TMPLPRO_LOCAL void log_state(struct tmplpro_state* state, int level, const char *fmt, ...)
{
va_list vl;
+ char* masterpath=state->param->masterpath;
va_start(vl, fmt);
- if (state->tag ==HTML_TEMPLATE_NO_TAG) {
- tmpl_log(level, "HTML::Template::Pro:");
- } else {
+ tmpl_log(level, "HTML::Template::Pro:");
+ if (masterpath != NULL) {
+ tmpl_log(level, "%s:",masterpath);
+ }
+ if (state->tag !=HTML_TEMPLATE_NO_TAG) {
tmpl_log(level, "HTML::Template::Pro:in %sTMPL_%s at pos " MOD_TD ": ",
(state->is_tag_closed ? "/" : ""),
(state->tag>HTML_TEMPLATE_BAD_TAG && state->tag <=HTML_TEMPLATE_LAST_TAG_USED) ? TAGNAME[state->tag] : "",
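Review bot: When a tag is active, the log line now carries the `HTML::Template::Pro:` prefix twice, because the new unconditional `tmpl_log(level, "HTML::Template::Pro:");` is followed by the tag branch whose format string still begins with the same prefix; that format should start at `"in %sTMPL_%s at pos " MOD_TD ": "`. The template path is also written to the log verbatim, so if file names containing newlines or control characters can reach `masterpath`, they could split or forge log entries; consider replacing non-printable bytes before logging. `state->param` is dereferenced before any NULL check, which is presumably safe for every caller but cannot be confirmed from this hunk. log_state's body continues outside the hunk.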
@@ -124,6 +124,8 @@ jsencode_pstring (pbuffer* StrBuffer, PSTRING pstring) {
case '\'' : bufdelta=2; strncpy(buf+offset, "\\'",bufdelta);break;
case '\n' : bufdelta=2; strncpy(buf+offset, "\\n",bufdelta);break;
case '\r' : bufdelta=2; strncpy(buf+offset, "\\r",bufdelta);break;
+ case '>' : bufdelta=4; strncpy(buf+offset, ">", bufdelta);break;
+ case '<' : bufdelta=4; strncpy(buf+offset, "<", bufdelta);break;
default: *(buf+offset)=curchar;
}
offset+=bufdelta;
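Review bot: The new `'>'` and `'<'` cases advance `offset` by four bytes per input character, while the other cases visible in this switch advance it by at most two, and the hunk does not touch the sizing of `buf`. If the allocation (outside this hunk) assumes a two-bytes-per-character worst case, input made mostly of angle brackets would write past the buffer; the resize should use a factor of four, documented with a comment such as `/* worst case: '<' and '>' expand to 4 bytes */`. As rendered here, the replacement literals are one character long while `bufdelta` is 4, which would make `strncpy` pad the output with NUL bytes and leave the brackets unescaped. That looks like an entity-decoding artefact of the page, so the actual literals should be confirmed against the repository. jsencode_pstring starts and ends outside the hunk.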
@@ -1,5 +1,5 @@
<H1> test_esc4 </H1>
- \\<>\"; %FAhidden:\r\nend
+ \\<>\"; %FAhidden:\r\nend
VAR1
Some"' Txt'
@@ -8,7 +8,7 @@ end
\<>"; %FAhidden:
end
- \\<>\"; %FAhidden:\r\nend
+ \\<>\"; %FAhidden:\r\nend
<H1> END test_var3 </H1>
</body></html>