This commit was manufactured by cvs2svn to create tag 'V0_9_2'.

git-svn-id: http://viewvc.tigris.org/svn/viewvc/tags/V0_9_2@442 8cb11bc2-c004-0410-86c3-e597b4017df7
2019-04-16 04:14:59 +03:00 · 2002-01-15 09:55:01 +00:00
3 changed files with 8 additions and 19 deletions
--- a/6
+++ b/6
@@ -1,9 +1,3 @@
-Version 0.9.3 (released 17-May-2005)
-
-  * security fix: disallow bad "content-type" input [CAN-2004-1062]
-  * security fix: disallow bad "sortby" and "cvsroot" input [CAN-2002-0771]
-  * security fix: omit forbidden/hidden modules from tarballs [CAN-2002-0771]
-
 Version 0.9.2 (released 15-Jan-2001)

  * fix redirects to Attic for diffs
--- a/lib/viewcvs.py
+++ b/lib/viewcvs.py
@@ -25,7 +25,7 @@
 # -----------------------------------------------------------------------
 #

-__version__ = '0.9.3'
+__version__ = '0.9.2'

 #########################################################################
 #
@@ -248,10 +248,9 @@ def redirect(location):
  sys.exit(0)

 def error(msg, status='500 Internal Server Error'):
-  print 'Content-type: text/html'
  print 'Status:', status
  print
-  print cgi.escape(msg)
+  print msg
  sys.exit(0)

 def generate_page(request, tname, data):
@@ -1106,8 +1105,7 @@ def view_directory(request):
  view_tag = query_dict.get('only_with_tag')
  hideattic = int(query_dict.get('hideattic'))  ### watch for errors in int()?
  sortby = query_dict.get('sortby', 'file')
-  if not re.match('^[a-z]+$', sortby):
-    raise 'illegal value for sortby parameter'
+
  search_re = query_dict.get('search')
 
  # Search current directory
@@ -1843,8 +1841,8 @@ def process_checkout(full_name, where, query_dict, default_mime_type):

  mime_type = query_dict.get('content-type')
  if mime_type:
-    if not re.match('^[-_.a-zA-Z0-9/]+$', mime_type):
-      raise 'illegal value for content-type parameter'
+    ### validate it?
+    pass
  else:
    mime_type = default_mime_type

@@ -2454,9 +2452,6 @@ def generate_tarball(out, relative, directory, tag, stack=[]):
  for file, pathname, isdir in get_file_data(directory):
    if pathname == _UNREADABLE_MARKER:
      continue
-    if (file == 'CVSROOT' and cfg.options.hide_cvsroot) \
-           or cfg.is_forbidden(file):
-      continue
    if isdir:
      subdirs.append(file)
    else:
--- a/website/index.html
+++ b/website/index.html
@@ -13,7 +13,7 @@
      </td>
      <td align=center valign=top bgcolor="white" width="1%">
 	<b>Quickstart:</b>
-	<a href="viewcvs-0.9.3.tar.gz">download</a>
+	<a href="viewcvs-0.9.2.tar.gz">download</a>
      </td>
      <td width="1%"><a href="http://sourceforge.net/"><img border=0
 	    src="http://sourceforge.net/sflogo.php?group_id=18760&type=1"></a><br><a href="http://sourceforge.net/projects/viewcvs/">ViewCVS&nbsp;project&nbsp;page</a>
@@ -210,10 +210,10 @@
      The software is available for download:
    </p>
    <blockquote>
-      <a href="viewcvs-0.9.3.tar.gz">Version 0.9.3 of ViewCVS as a gzipped
+      <a href="viewcvs-0.9.2.tar.gz">Version 0.9.2 of ViewCVS as a gzipped
      tar</a>
      <br>
-      <a href="viewcvs-0.9.3.zip">Version 0.9.3 of ViewCVS as a ZIP
+      <a href="viewcvs-0.9.2.zip">Version 0.9.2 of ViewCVS as a ZIP
      file</a>
    </blockquote>
    <p>