diff options
| author | Tobias Oetiker <tobi@oetiker.ch> | 2013-03-17 13:11:10 +0100 |
|---|---|---|
| committer | Tobias Oetiker <tobi@oetiker.ch> | 2013-03-17 13:11:10 +0100 |
| commit | bad9f9c28f0939b269f90072aa4cf41f20f15563 (patch) | |
| tree | 3eec012cfaf280c96e0832b43e29a3e24f501bdb | |
| parent | af24c7886e48d97bc226a123d12e6b15cd089b51 (diff) | |
| download | smokeping-bad9f9c28f0939b269f90072aa4cf41f20f15563.tar.gz smokeping-bad9f9c28f0939b269f90072aa4cf41f20f15563.tar.xz | |
xss fix from Steven Chamberlain
| -rw-r--r-- | lib/Smokeping.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm index cec130a..080b538 100644 --- a/lib/Smokeping.pm +++ b/lib/Smokeping.pm @@ -1028,8 +1028,9 @@ sub smokecol ($) { sub parse_datetime($){ my $in = shift; - for ($in){ - /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value}; + for ($in){ + $in =~ s/$xssBadRx/_/g; + /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value}; /^\s*(\d{4})-(\d{1,2})-(\d{1,2})(?:\s+(\d{1,2}):(\d{2})(?::(\d{2}))?)?\s*$/ && return POSIX::mktime($6||0,$5||0,$4||0,$3,$2-1,$1-1900,0,0,-1); /^now$/ && return time; |