diff -Naur links-2.1pre25/ChangeLog links-2.1pre26/ChangeLog
--- links-2.1pre25/ChangeLog 2006-11-27 15:00:10.000000000 +0100
+++ links-2.1pre26/ChangeLog 2006-11-28 23:14:38.000000000 +0100
@@ -1,3 +1,10 @@
+=== RELEASE 2.1pre26 ===
+
+Tue Nov 28 23:13:38 MET 2006 mikulas:
+
+	Fixed severe security bug: '"' and ';' in smb:// url could be used for
+	remote command execution.
+
 === RELEASE 2.1pre25 ===
 Wed Nov 22 23:55:21 MET 2006 mikulas:
diff -Naur links-2.1pre25/INSTALL links-2.1pre26/INSTALL
--- links-2.1pre25/INSTALL 2006-11-27 15:02:04.000000000 +0100
+++ links-2.1pre26/INSTALL 2006-11-29 22:49:18.000000000 +0100
@@ -1,4 +1,4 @@
-Links 2.1pre25 -- How To Install
+Links 2.1pre26 -- How To Install
 --------------------------------
 Follow this step-by-step:
diff -Naur links-2.1pre25/README links-2.1pre26/README
--- links-2.1pre25/README 2006-11-27 15:02:04.000000000 +0100
+++ links-2.1pre26/README 2006-11-29 22:49:18.000000000 +0100
@@ -1,4 +1,4 @@
-Links 2.1pre25
+Links 2.1pre26
 --------------
 Links
diff -Naur links-2.1pre25/configure links-2.1pre26/configure
--- links-2.1pre25/configure 2006-11-22 23:15:29.000000000 +0100
+++ links-2.1pre26/configure 2006-11-28 23:38:49.000000000 +0100
@@ -726,7 +726,7 @@
 PACKAGE=links
-VERSION=2.1pre25
+VERSION=2.1pre26
 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
   { echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; }
diff -Naur links-2.1pre25/configure.in links-2.1pre26/configure.in
--- links-2.1pre25/configure.in 2006-11-22 22:56:40.000000000 +0100
+++ links-2.1pre26/configure.in 2006-11-27 15:06:56.000000000 +0100
@@ -5,7 +5,7 @@
 AC_INIT(main.c)
-AM_INIT_AUTOMAKE(links, 2.1pre25)
+AM_INIT_AUTOMAKE(links, 2.1pre26)
 ACLOCAL="./missing aclocal"
 AUTOCONF="./missing autoconf"
diff -Naur links-2.1pre25/file.c links-2.1pre26/file.c
--- links-2.1pre25/file.c 2005-11-27 23:41:17.000000000 +0100
+++ links-2.1pre26/file.c 2006-11-28 18:23:14.000000000 +0100
@@ -337,7 +337,7 @@
 #endif
 /*add_to_str(&file, &fl, " ");*/
 add_to_str(&file, &fl, dir[i].s);
-add_to_str(&file, &fl, "");
diff -Naur links-2.1pre25/smb.c links-2.1pre26/smb.c
--- links-2.1pre25/smb.c 2005-11-27 23:41:18.000000000 +0100
+++ links-2.1pre26/smb.c 2006-11-28 18:25:16.000000000 +0100
@@ -11,7 +11,7 @@
 	int list;
 	int cl;
 	int ntext;
-	char text[1];
+	unsigned char text[1];
 };
 void smb_got_data(struct connection *);
@@ -22,6 +22,7 @@
 void smb_func(struct connection *c)
 {
+	int i;
 	int po[2];
 	int pe[2];
 	unsigned char *host, *user, *pass, *port, *data1, *data, *share, *dir;
@@ -45,6 +46,20 @@
 	if (!(data1 = get_url_data(c->url))) data1 = "";
 	data = init_str(), datal = 0;
 	add_conv_str(&data, &datal, data1, strlen(data1), -2);
+
+	for (i = 0; data[i]; i++) if (data[i] < 32 || data[i] == ';' || (data[i] == '"' && smb_client == SMBCLIENT)) {
+/* ';' shouldn't cause security problems but samba doesn't like it */
+/* '"' is allowed for smbc */
+		mem_free(host);
+		mem_free(port);
+		mem_free(user);
+		mem_free(pass);
+		mem_free(data);
+		setcstate(c, S_BAD_URL);
+		abort_connection(c);
+		return;
+	}
+
 	if ((p = strchr(data, '/'))) share = memacpy(data, p - data), dir = p + 1;
 	else if (*data) {
 		if (!c->cache && get_cache_entry(c->url, &c->cache)) {
@@ -166,7 +181,7 @@
 	}
 	if (*share) {
 		if (!*dir || dir[strlen(dir) - 1] == '/' || dir[strlen(dir) - 1] == '\\') {
-			if (dir) {
+			if (*dir) {
 				v[n++] = "-D";
 				v[n++] = dir;
 			}
@@ -233,6 +248,7 @@
 		v[n++] = NULL;
 		execvp(v[0], (char **)v);
 		fprintf(stderr, "client not found");
+		fflush(stderr);
 		_exit(1);
 	}
 	c->pid = r;
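Review bot: The new byte filter in smb_func rejects values below 32 but lets DEL (127) through, and it is applied only to `data` — `host`, `user`, `pass` and `port` are parsed from the same URL and released on this error path, yet nothing in the hunk validates them, so if any of them is also placed into the child's argument list it needs the same treatment (the rest of smb_func, where that would be visible, lies outside the hunk). A minimal tightening of the condition is `if (data[i] < 32 || data[i] == 127 || data[i] == ';' || (data[i] == '"' && smb_client == SMBCLIENT)) {`, and the two explanatory comments would read better placed above the `for` rather than at column 0 inside the block. The five `mem_free` calls followed by `setcstate`/`abort_connection`/`return` duplicate an error exit that the function very likely performs elsewhere; a shared `goto bad_url;` cleanup label would keep that sequence in one place so a future field is not freed on one path and leaked on another.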
@@ -518,7 +534,7 @@
 			if (!WHITECHAR(*llll)) lll = llll + 1;
 		}
 		add_conv_str(&t, &l, lx, ll - lx, 0);
-		add_to_str(&t, &l, "");
 		add_conv_str(&t, &l, ll, lll - ll, 0);
@@ -564,7 +580,7 @@
 		}
 		pp++;
 	}
-	add_to_str(&t, &l, " ");
@@ -584,7 +600,7 @@
 		}
 		d += 9;
 		add_conv_str(&t, &l, ls, d - ls, 0);
-		add_to_str(&t, &l, "");
diff -Naur links-2.1pre25/url.c links-2.1pre26/url.c
--- links-2.1pre25/url.c 2006-07-17 02:08:57.000000000 +0200
+++ links-2.1pre26/url.c 2006-11-28 17:39:10.000000000 +0100
@@ -44,7 +44,7 @@
 {
 	int i;
 	for (i = 0; protocols[i].prot; i++)
-		if (!casecmp(protocols[i].prot, p, l)) {
+		if (!casecmp(protocols[i].prot, p, l) && strlen(protocols[i].prot) == l) {
 			return i;
 		}
 	return -1;
@@ -500,7 +500,7 @@
 	*l = uu - *s;
 }
 
-#define accept_char(x) ((x) != '"' && (x) != '&' && (x) != '/' && (x) != '<' && (x) != '>')
+#define accept_char(x) ((x) != '"' && (x) != '\'' && (x) != '&' && (x) != '<' && (x) != '>')
 #define special_char(x) ((x) == '%' || (x) == '#')
 
 void add_conv_str(unsigned char **s, int *l, unsigned char *b, int ll, int encode_special)
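Review bot: The added `strlen(protocols[i].prot) == l` compares a `size_t` with `l`, whose type is declared in the function header outside this hunk; if `l` is a signed `int`, as its use as casecmp's length argument suggests, the comparison is performed in unsigned arithmetic, which is correct for non-negative lengths but hides the intent and trips -Wsign-compare. Writing it as `strlen(protocols[i].prot) == (size_t)l` makes the conversion explicit, and a one-line comment such as `/* casecmp only checks the first l bytes; require an exact-length match so a scheme prefix cannot select a longer protocol entry */` records why the extra test is there, which is the security point this release note is about. The `strlen` is recomputed for every table entry on every lookup; fine for a table this size, but storing the length next to `prot` would avoid it.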
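Review bot: The reworked `accept_char` still expands its argument five times, so a caller passing an expression with side effects (`accept_char(*p++)`) would misbehave silently; a `static inline int accept_char(unsigned char x)` returning the same boolean gives identical results with type checking and single evaluation. The set now drops `/` and adds `'`, which changes what add_conv_str leaves unencoded, and nothing near the macro says which contexts the list is meant to protect (it reads as an HTML/attribute escape set, but that is inferred); a short comment above the two macros naming the intended consumer, and noting that `;` is deliberately left to the smb.c URL check rather than encoded here, would stop the next reader from re-adding `/` or removing `'` without understanding the consequence.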