Folks, Yesterday Steven Chamberlain wrote:
> Hi! > > On 16/03/13 21:53, Salvatore Bonaccorso wrote: > > On Sat, Mar 16, 2013 at 10:47:54PM +0100, Salvatore Bonaccorso wrote: > >> [...] But how about the attached patch for > >> unstable? > > Thank you for that. It does seem like the right way to handle it for > wheezy. > > Your patch seems correct to me. But defining $xssBadRx would be just > one extra line of diff... so why not use it? Then it would be more > consistent with upstream. > > > I've added Tobias back into Cc: as I would like to ask: > > While here, I wonder if the user-supplied $start/$end could be filtered > with this same regex, to address the things I noted earlier? I thought > maybe it could go in parse_datetime which is before they are used in any > file paths or output by anything. And I don't *think* any valid time > specifier would contain the characters of $xssBadRx. > > Thanks everyone, > Regards, it seems you spend a lot of thought on this ... (much more than I am presently able to) ... so if you come up with ideas and patches for the master, just send a pul request on github ... cheers tobi > -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland http://it.oetiker.ch t...@oetiker.ch ++41 62 775 9902 / sb: -9900 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
