path: root/debian/patches/439840-nowplaying.diff
blob: f9b1305871624606430eb1e90f4a553e0aa755c3 (plain)
Description: Fix multiple CRLF injection vulnerabilities in "now playing" scripts
Forwarded: not-needed
Author: Wouter Coekaerts
Last-Update: 2016-02-29
--- a/scripts/xmms.pl
+++ b/scripts/xmms.pl
@@ -139,6 +139,9 @@ Example: /set xmms_format_time %%m minut
         $format =~ s/\%$_/$fs{$_}/g;
     }
 
+    # remove newline characters
+    $format =~ s/[\r\n]/ /g;
+
     # sending it.
     if ($server && $server->{connected} && $witem &&
         ($witem->{type} eq "CHANNEL" || $witem->{type} eq "QUERY")) {
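Review bot: The added comment `# remove newline characters` says what the substitution does but not why it has to sit at this point, so a later refactor could move or drop it without noticing the security role. The `%fs` values substituted just above presumably come from player/track metadata, which is not under the script's control, and the result is about to be sent to an IRC target; I would write it as `# Track metadata is untrusted: replace CR/LF so it cannot terminate the IRC line and start a second command.` Keeping the filter after the `%fs` expansion and immediately before the send is the right order, and that is worth stating in the comment too. The `if` block that does the sending continues past the end of the hunk, so whether other control characters (for example NUL) also need filtering depends on the send call that is not visible here.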