
SF.net SVN: ledger-smb:[4684] branches/1.3



Revision: 4684
          http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=4684&view=rev
Author:   einhverfr
Date:     2012-04-25 10:59:04 +0000 (Wed, 25 Apr 2012)
Log Message:
-----------
Correcting errors when trying to edit template and templates directory set to absolute path

Modified Paths:
--------------
    branches/1.3/Changelog
    branches/1.3/LedgerSMB/AM.pm

Modified: branches/1.3/Changelog
===================================================================
--- branches/1.3/Changelog	2012-04-25 06:28:50 UTC (rev 4683)
+++ branches/1.3/Changelog	2012-04-25 10:59:04 UTC (rev 4684)
@@ -11,6 +11,8 @@
 * Fixed curr totals not showing for aging rpts (Chris T, 3512591, h/t John L)
 * Fixed new user screen not respecting default country (Chris T, 3513760)
 * Fixed hasn(...) in HTML payment receipt (Chris T, 3515924, h/t Michael R)
+* Fixed errors about Concat() not found on Pg 8.4 (Erik H)
+* Fixed can't edit templates with absolute templates path (Chris T 3516725)
 
 John L is John Locke
 Michael R is Michael Richardson
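Review bot: The added `Concat()` on Pg 8.4 entry has no matching code change in this revision: Modified Paths lists only Changelog and LedgerSMB/AM.pm, and the AM.pm hunk deals with the templates path. If that fix was committed elsewhere, the entry is easier to trace when it goes in with that revision or cites a tracker id the way the `3516725` entry does.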

Modified: branches/1.3/LedgerSMB/AM.pm
===================================================================
--- branches/1.3/LedgerSMB/AM.pm	2012-04-25 06:28:50 UTC (rev 4683)
+++ branches/1.3/LedgerSMB/AM.pm	2012-04-25 10:59:04 UTC (rev 4684)
@@ -1501,7 +1501,11 @@
     my ( $self, $myconfig, $form ) = @_;
 
     my @allowedsuff = qw(css tex txt html xml);
-    if ( $form->{file} =~ /^(.:)*?\/|:|\.\.\// ) {
+    my $test = $form->{file};
+    if ($LedgerSMB::Sysconfig::templates =~ /^(.:)*?\//){
+        $test =~ s#^$LedgerSMB::Sysconfig::templates/?\\?##;
+    }
+    if ( $test =~ /^(.:)*?\/|:|\.\.\// ) {
         $form->error("Directory transversal not allowed.");
     }
     if ( $form->{file} =~ /^${LedgerSMB::Sysconfig::backuppath}\// ) {
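Review bot: In the added `s#^$LedgerSMB::Sysconfig::templates/?\\?##`, the configured path is interpolated into the pattern unquoted and the trailing separator is optional, so the strip is not limited to paths that are actually inside the templates directory. Any regex metacharacter in the configured path (a `.` for instance) is treated as pattern syntax, and a value of `$form->{file}` that merely starts with the same characters as the templates path, with no separator after it, also has that prefix removed; what is left in `$test` then no longer starts with `/` and passes the traversal test, while `$form->{file}` itself is unchanged and is what the following `backuppath` check goes on to use. Suggest quoting the variable and requiring the separator, e.g. `$test =~ s#^\Q$LedgerSMB::Sysconfig::templates\E[/\\]##;`, and reporting an error when the templates path is absolute and the substitution does not match. The test on `$test` also only looks for `../`, so once backslashes are accepted as a separator here, `..\` should be rejected as well.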
