[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SF.net SVN: ledger-smb: [949] branches/1.2/LedgerSMB/Form.pm

Subject: SF.net SVN: ledger-smb: [949] branches/1.2/LedgerSMB/Form.pm
From: ..hidden..
Date: Mon, 19 Mar 2007 18:55:38 -0700

Revision: 949
          http://svn.sourceforge.net/ledger-smb/?rev=949&view=rev
Author:   tetragon
Date:     2007-03-19 18:55:37 -0700 (Mon, 19 Mar 2007)

Log Message:
-----------
Whitelist the possible $form->{script} values

Modified Paths:
--------------
    branches/1.2/LedgerSMB/Form.pm

Modified: branches/1.2/LedgerSMB/Form.pm
===================================================================
--- branches/1.2/LedgerSMB/Form.pm	2007-03-19 18:53:52 UTC (rev 948)
+++ branches/1.2/LedgerSMB/Form.pm	2007-03-20 01:55:37 UTC (rev 949)
@@ -45,6 +45,8 @@
 
 	my $argstr = shift;
 
+	use List::Util qw(first);
+
 	read(STDIN, $_, $ENV{CONTENT_LENGTH});
 
 	if ($argstr){
@@ -79,13 +81,14 @@
 
 	bless $self, $type;
 
-	if ($form->{path} ne 'bin/lynx'){ $form->{path} = 'bin/mozilla';}	
+	if ($self->{path} ne 'bin/lynx'){ $self->{path} = 'bin/mozilla';}	
 
 	if (($self->{script} =~ m#(..|\\|/)#)){
 		$self->error("Access Denied");
 	}
-		
-		
+	if (not	first {$_ eq $self->{script}} @{LedgerSMB::Sysconfig::scripts}){
+		$self->error('Access Denied');
+	}
 
 	if (($self->{action} =~ /:/) || ($self->{nextsub} =~ /:/)){
 		$self->error("Access Denied");
@@ -213,9 +216,8 @@
 
 		if ($ENV{error_function}) {
 			&{ $ENV{error_function} }($msg);
-		} else {
-			die "Error: $msg\n";
 		}
+		die "Error: $msg\n";
 	}
 }
 


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Prev by Date: SF.net SVN: ledger-smb: [948] branches/1.2
Next by Date: SF.net SVN: ledger-smb: [950] branches/1.2/LedgerSMB/Form.pm
Previous by thread: SF.net SVN: ledger-smb: [948] branches/1.2
Next by thread: SF.net SVN: ledger-smb: [950] branches/1.2/LedgerSMB/Form.pm
Index(es):
- Date
- Thread