XSS protection

diff --git a/file/edit_html.cgi b/file/edit_html.cgi
index 5d41ec0..a121ee7 100755 (executable)
--- a/file/edit_html.cgi
+++ b/file/edit_html.cgi
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
 # Show an HTML editor window
 
+$trust_unknown_referers = 1;
 require './file-lib.pl';
 do '../ui-lib.pl';
 $disallowed_buttons{'edit'} && &error($text{'ebutton'});

diff --git a/file/upform.cgi b/file/upform.cgi
index dec684f..4fcaded 100755 (executable)
--- a/file/upform.cgi
+++ b/file/upform.cgi
@@ -2,6 +2,7 @@
 # upform.cgi
 # Display the upload form
 
+$trust_unknown_referers = 1;
 require './file-lib.pl';
 $disallowed_buttons{'upload'} && &error($text{'ebutton'});
 &ReadParse(undef, undef, 1);