Security: Fix CERT VU #810572 exploiting the dynamic linker (STR #4609)

[thirdparty/cups.git] / cgi-bin / template.c

diff --git a/cgi-bin/template.c b/cgi-bin/template.c
index a606844a687380fe8b927242ae03fd374c5ca56f..53254417479514743b89515ac81b3a8a10d8a9e1 100644 (file)
--- a/cgi-bin/template.c
+++ b/cgi-bin/template.c
@@ -3,7 +3,7 @@
  *
  * CGI template function.
  *
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
  * Copyright 1997-2006 by Easy Software Products.
  *
  * These coded instructions, statements, and computer programs are the
@@ -648,39 +648,7 @@ cgi_puts(const char *s,                    /* I - String to output */
   while (*s)
   {
     if (*s == '<')
-    {
-     /*
-      * Pass <A HREF="url"> and </A>, otherwise quote it...
-      */
-
-      if (!_cups_strncasecmp(s, "<A HREF=\"", 9))
-      {
-        fputs("<A HREF=\"", out);
-       s += 9;
-
-       while (*s && *s != '\"')
-       {
-          if (*s == '&')
-            fputs("&amp;", out);
-         else
-           putc(*s, out);
-
-         s ++;
-       }
-
-        if (*s)
-         s ++;
-
-       fputs("\">", out);
-      }
-      else if (!_cups_strncasecmp(s, "</A>", 4))
-      {
-        fputs("</A>", out);
-       s += 3;
-      }
-      else
-        fputs("&lt;", out);
-    }
+      fputs("&lt;", out);
     else if (*s == '>')
       fputs("&gt;", out);
     else if (*s == '\"')