authormsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>2015-06-08 18:32:35 +0000
committermsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>2015-06-08 18:32:35 +0000
commit5e6c3df7c0d322aa83a6c7bf94ab63a3f479a938 (patch)
treeb6f610973012651cf7d9c521c879e3d7267ca0ac /cgi-bin
parentc59e07c6742e25ef7111714e890f489bdc4a376c (diff)
Security: Fix CERT VU #810572 exploiting the dynamic linker (STR #4609)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12700 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'cgi-bin')
-rw-r--r--cgi-bin/ipp-var.c18
-rw-r--r--cgi-bin/template.c36
2 files changed, 4 insertions, 50 deletions
diff --git a/cgi-bin/ipp-var.c b/cgi-bin/ipp-var.c
index 9682d791e..2aabe5322 100644
--- a/cgi-bin/ipp-var.c
+++ b/cgi-bin/ipp-var.c
@@ -3,7 +3,7 @@
*
* CGI <-> IPP variable routines for CUPS.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
@@ -1202,21 +1202,7 @@ cgiSetIPPObjectVars(
* Rewrite URIs...
*/
- if (!strcmp(name, "member_uris"))
- {
- char url[1024]; /* URL for class member... */
-
-
- cgiRewriteURL(attr->values[i].string.text, url,
- sizeof(url), NULL);
-
- snprintf(valptr, sizeof(value) - (size_t)(valptr - value),
- "<A HREF=\"%s\">%s</A>", url,
- strrchr(attr->values[i].string.text, '/') + 1);
- }
- else
- cgiRewriteURL(attr->values[i].string.text, valptr,
- (int)(sizeof(value) - (size_t)(valptr - value)), NULL);
+ cgiRewriteURL(attr->values[i].string.text, valptr, (int)(sizeof(value) - (size_t)(valptr - value)), NULL);
break;
}
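Review bot: The new unconditional cgiRewriteURL() call on the `+` line leaves the `Rewrite URIs...` comment above it saying nothing about why the member_uris anchor markup was dropped, so a later maintainer may reintroduce the `<A HREF>` special case without realising that cgi_puts() in template.c (second hunk of this commit) now escapes every `<` and would render it as literal text. I would extend the comment to `* Rewrite URIs (member_uris are no longer wrapped in <A HREF> markup; cgi_puts() escapes all '<', so such a link would be output as text)...`. The one-line call also exceeds the column width the old two-line form kept; splitting the `(int)(sizeof(value) - (size_t)(valptr - value))` argument onto its own line would match the surrounding style. cgiSetIPPObjectVars() starts and ends outside this hunk, so the declarations of `value` and `valptr` are not visible here; the int cast of the remaining buffer length is presumably harmless for a fixed-size local array, but that cannot be confirmed from the hunk.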
diff --git a/cgi-bin/template.c b/cgi-bin/template.c
index a606844a6..532544174 100644
--- a/cgi-bin/template.c
+++ b/cgi-bin/template.c
@@ -3,7 +3,7 @@
*
* CGI template function.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
* Copyright 1997-2006 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
@@ -648,39 +648,7 @@ cgi_puts(const char *s, /* I - String to output */
while (*s)
{
if (*s == '<')
- {
- /*
- * Pass <A HREF="url"> and </A>, otherwise quote it...
- */
-
- if (!_cups_strncasecmp(s, "<A HREF=\"", 9))
- {
- fputs("<A HREF=\"", out);
- s += 9;
-
- while (*s && *s != '\"')
- {
- if (*s == '&')
- fputs("&amp;", out);
- else
- putc(*s, out);
-
- s ++;
- }
-
- if (*s)
- s ++;
-
- fputs("\">", out);
- }
- else if (!_cups_strncasecmp(s, "</A>", 4))
- {
- fputs("</A>", out);
- s += 3;
- }
- else
- fputs("&lt;", out);
- }
+ fputs("&lt;", out);
else if (*s == '>')
fputs("&gt;", out);
else if (*s == '\"')