Check content of the string to identify potentially unsafe content in the provided string. The content is unsafe, when it contains externally provided content, which might be provided e.g. via query variables, or via user values stored in the database. When such content contains square braces, a "subst" command on theses can evaluate arbitrary commands, which is dangerous.
The new API call is used in "::xo::Package->return_page", where the "subst" command stripped from its command substitution capabilities. In case, command subsitution is needed, perform this prior this call.
bumped acs-tcl to 5.10.1d23 bumped xotcl-core to 5.10.1d13
do not allow acs-subsite TmpDir parameter to define where the tmpfolder is located anymore. This MUST be the one configured in the server-wide configuration. Tmpfiles cannot be in a subfolder of the tmpfolder, they MUST be direct children instead. A tmpfile MUST exist beforehand and be owned, be readable and writable by the user running the nsd process. This complies with the definition of a tmpfile by AolServer/NaviServer when they are created to store content coming from a file upload.
Loading ...