Protect against HTML in the URL (STR #4356) git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11620 a1ca3aef-8c08-0410-bb20-df032aa958be

commit: 1216300668307015a88efc6267a521eeab51e8e8 [log] [tgz]
author: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> Wed Feb 19 19:56:56 2014 +0000
committer: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> Wed Feb 19 19:56:56 2014 +0000
tree: 681b8ff13f2ef39c6e25073ac6db6b9ab8d700a9
parent: 2644cfc5f2a7fc10bd1ed2aa52387b15f77db1db [diff]
diff --git a/CHANGES-1.7.txt b/CHANGES-1.7.txt
index 580b60c..6a456f0 100644
--- a/CHANGES-1.7.txt
+++ b/CHANGES-1.7.txt

@@ -3,6 +3,8 @@
 
 CHANGES IN CUPS V1.7.2
 
+	- Security: The scheduler now blocks URLs containing embedded HTML
+	  (STR #4356)
 	- The scheduler did not always update the MakeModel value in
 	  printers.conf after updating the driver (STR #4264)
 	- The LPD mini daemon did not support print jobs larger than 2GB

diff --git a/scheduler/client.c b/scheduler/client.c
index 23fb713..9bb2305 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c

@@ -3316,6 +3316,14 @@
     return (0);
 
  /*
+  * Check for "<" or quotes in the path and reject since this is probably
+  * someone trying to inject HTML...
+  */
+
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+    return (0);
+
+ /*
   * Check for "/.." in the path...
   */
commit	1216300668307015a88efc6267a521eeab51e8e8	[log] [tgz]
author	msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>	Wed Feb 19 19:56:56 2014 +0000
committer	msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>	Wed Feb 19 19:56:56 2014 +0000
tree	681b8ff13f2ef39c6e25073ac6db6b9ab8d700a9
parent	2644cfc5f2a7fc10bd1ed2aa52387b15f77db1db [diff]