# HG changeset patch
# User xfred222
# Date 1355956664 18000
# Node ID 2ccd2cd18ef5f5c02b911445bc302db704c2a51a
# Parent 8ec2f574923b0a115dd5a3a391abde088b70d95f
fix security hole & bug 43
diff -r 8ec2f574923b -r 2ccd2cd18ef5 web/bugs.cgi
--- a/web/bugs.cgi Mon Dec 17 09:21:14 2012 -0500
+++ b/web/bugs.cgi Wed Dec 19 17:37:44 2012 -0500
@@ -335,9 +335,9 @@
 fi
 js_log "Will write message in $bugdir/$id/msg.$count "
 sed "s/$(echo -en '\r') /\n/g" > $bugdir/$id/msg.$count << EOT
-USER="$USER"
+USER='$(echo $(GET $USER) | sed -e "s/'/\'/g; s/\\\n//g; s/\\\t/\ /g; s/\%22/\"/g" )'
 DATE="$date"
-MSG="$(GET msg)"
+MSG='$(echo $(GET msg) | sed -e "s/'/\'/g; s/\\\n//g; s/\\\t/\ /g; s/\%22/\"/g" )'
 EOT
 }
@@ -356,14 +356,14 @@
 sed "s/$(echo -en '\r') /\n/g" > $bugdir/$count/bug.conf << EOT
 # SliTaz Bug configuration
-BUG="$(GET bug)"
+BUG='$(echo $(GET bug) | sed -e "s/'/\'/g; s/\\\n//g; s/\\\t/\ /g; s/\%22/\"/g" )'
 STATUS="OPEN"
 PRIORITY="$(GET priority)"
 CREATOR="$USER"
 DATE="$date"
-PKGS="$(GET pkgs)"
+PKGS='$(echo $(GET pkgs) | sed -e "s/'/\'/g; s/\\\n//g; s/\\\t/\ /g; s/\%22/\"/g" )''
-DESC="$(GET desc)"
+DESC='$(echo $(GET desc) | sed -e "s/'/\'/g; s/\\\n//g; s/\\\t/\ /g; s/\%22/\"/g" )''
 EOT
 }
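Review bot: A single quote in a submitted value still closes the new single-quoted assignment in both hunks (USER/MSG in the first, BUG/PKGS/DESC in the second), because `s/'/\'/g` replaces a quote with itself in sed, and a backslash would not escape anything inside single quotes anyway. If these files are later sourced by the shell, which the `VAR=value` layout suggests but the hunks do not show, the rest of the value is then parsed as shell code. The quote has to be rewritten as `'\''`, for example with a helper defined outside the here-document, `sq() { printf '%s' "$1" | sed "s/'/'\\\\''/g"; }`, used as `MSG='$(sq "$(GET msg)")'`; quoting the inner substitution also stops the word splitting and globbing that the unquoted `echo $(GET msg)` applies to the text. `PRIORITY="$(GET priority)"` is left double-quoted and unfiltered in the second hunk, `USER` now reads `$(GET $USER)` (which looks like a lookup of a request parameter named after the user) instead of `$USER`, and the `PKGS`/`DESC` lines end in a doubled `''`. Both enclosing functions start outside their hunks.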