2160baec63f853659980b53f4cda17cd56ac31e7 galt Thu Aug 11 14:08:42 2016 -0700 Revert "Fixes XSS for the early warning and abort messages. These were detected by system admins in Japan" This reverts commit 4cfc3d3eb5486c004765de17570c548ea6c388d5. diff --git src/lib/htmshell.c src/lib/htmshell.c index ab6e292..54a2057 100644 --- src/lib/htmshell.c +++ src/lib/htmshell.c @@ -31,41 +31,30 @@ * errors are not shown back to the user but trigger a 500 error, */ { errorsNoHeader = TRUE; } void htmlNoEscape() { NoEscape = TRUE; } void htmlDoEscape() { NoEscape = FALSE; } -void htmlVaEncodeErrorText(char *format, va_list args) -/* Write an error message encoded against XSS. */ -{ -char warning[1024]; -vsnprintf(warning, sizeof(warning), format, args); -char *encodedMessage = htmlEncodeText(warning,FALSE); // NO tags allowed to prevent XSS hacks -fprintf(stdout, "%s", encodedMessage); -freeMem(encodedMessage); -} - - void htmlVaParagraph(char *line, va_list args) /* Print a line in it's own paragraph. */ { fputs("<P>", stdout); vfprintf(stdout, line, args); fputs("</P>\n", stdout); } void htmlParagraph(char *line, ...) { va_list args; va_start(args, line); htmlVaParagraph(line, args); va_end(args); } 
@@ -293,31 +282,31 @@ "var endOfPage = document.body.innerHTML.substr(document.body.innerHTML.length-20);" "if(endOfPage.lastIndexOf('-- ERROR --') > 0) { history.back(); }" "}\n"); // Note OK button goes to prev page when this page is interrupted by the error. fprintf(f,"window.onunload = function(){}; // Trick to avoid FF back button issue.\n"); fprintf(f,"</script>\n"); } void htmlVaWarn(char *format, va_list args) /* Write an error message. */ { va_list argscp; va_copy(argscp, args); htmlWarnBoxSetup(stdout); // sets up the warnBox if it hasn't already been done. char warning[1024]; vsnprintf(warning,sizeof(warning),format, args); -char *encodedMessage = htmlEncodeText(warning,FALSE); // NO tags allowed to prevent XSS hacks +char *encodedMessage = htmlEncodeText(warning,TRUE); // NOTE: While some internal HTML should work, // a single quote (') will will screw it up! printf("<script type='text/javascript'>{showWarnBox();" "var warnList=document.getElementById('warnList');" "warnList.innerHTML += '<li>%s</li>';}</script><!-- ERROR -->\n",encodedMessage); // NOTE that "--ERROR --" is needed at the end of this print!! freeMem(encodedMessage); /* Log useful CGI info to stderr */ logCgiToStderr(); /* write warning/error message to stderr so they get logged. */ vfprintf(stderr, format, argscp); va_end(argscp); fflush(stderr); } 
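Review bot: In htmlVaWarn the formatted message now goes through `htmlEncodeText(warning,TRUE)` and is then spliced into a single-quoted JavaScript string assigned to `warnList.innerHTML`, so request-derived text in a warning can reach the page as markup or end the string literal early. Judging by the removed line's comment, the second argument decides whether tags are let through (inferred, since htmlEncodeText is not shown here), and the comment kept on the new line already concedes that a single quote breaks the script. I would keep `char *encodedMessage = htmlEncodeText(warning,FALSE);` and also escape the result for a JavaScript string context (quotes, backslashes, line breaks, `</script>`) before the `printf`. If some internal callers do need HTML in their warnings, give them a separate, explicitly trusted entry point rather than relaxing the shared handler.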
@@ -346,31 +335,31 @@ void htmlMemDeath() { errAbort("Out of memory."); } static void earlyWarningHandler(char *format, va_list args) /* Write an error message so user can see it before page is really started. */ { static boolean initted = FALSE; if (!initted && !errorsNoHeader) { htmlStart("Very Early Error"); initted = TRUE; } printf("%s", htmlWarnStartPattern()); -htmlVaEncodeErrorText(format,args); +htmlVaParagraph(format,args); printf("%s", htmlWarnEndPattern()); } static void earlyAbortHandler() /* Exit close web page during early abort. */ { printf("</BODY></HTML>"); exit(0); } void htmlPushEarlyHandlers() /* Push stuff to close out web page to make sensible error * message during initialization. */ { pushWarnHandler(earlyWarningHandler);
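Review bot: earlyWarningHandler now prints through `htmlVaParagraph(format,args)`, which the first hunk's context shows to be a bare `vfprintf` to stdout between `<P>` tags, so nothing in an early warning is HTML-encoded. Early errors commonly echo CGI input back to the user, which would make this an injection point for request-derived text; the callers are outside this diff, so treat that as likely rather than confirmed. I would format into a bounded buffer and encode before printing: `char msg[1024]; vsnprintf(msg, sizeof(msg), format, args);` then `char *enc = htmlEncodeText(msg, FALSE);`, and print `enc` inside the paragraph tags if the `<P>` layout is what the revert was after. At minimum the comment on htmlVaParagraph should read `/* Print a line in its own paragraph. Output is not HTML-encoded; pass trusted text only. */`.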