Item7145: CVE-2013-1751: Sanitize MAKETEXT variable by removing excessive tildes
Item Form Data
| AppliesTo | Component | Priority | CurrentState | WaitingFor | TargetRelease | ReleasedIn |
| Engine | | Urgent | Closed | | patch | 5.1.4 |
Detail
This is a followup to Item7080.
-- TWiki:Main/PeterThoeny - 2013-02-14
This is now in SVN trunk and 5.1 branch.
Patch:
--- lib/TWiki.pm (revision 25065)
+++ lib/TWiki.pm (working copy)
@@ -4328,8 +4328,8 @@
$str =~ s/\]/~]/g;
# restore already escaped stuff:
- $str =~ s/~~\[/~[/g;
- $str =~ s/~~\]/~]/g;
+ $str =~ s/~~+\[/~[/g;
+ $str =~ s/~~+\]/~]/g;
# unescape parameters and calculate highest parameter number:
my $max = 0;
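Review bot: The comment above the two changed substitutions still reads "restore already escaped stuff", which no longer describes what `s/~~+\[/~[/g` and `s/~~+\]/~]/g` do, since they now collapse any run of two or more tildes before a bracket rather than undoing a single double-escape. Suggest extending the comment to say that every such run is reduced to one `~` so the bracket always stays escaped, with a reference to Item7145 / CVE-2013-1751. The hunk also carries no test; a regression case feeding two, three and four tildes ahead of both `[` and `]` would pin the behaviour down. These lines only cover tildes immediately followed by a bracket, so it is worth confirming in the surrounding code that a tilde run in any other position cannot affect how the string is later interpreted.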
-- TWiki:Main.PeterThoeny - 2013-02-15