[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SF.net SVN: ledger-smb: [495] trunk

Revision: 495
          http://svn.sourceforge.net/ledger-smb/?rev=495&view=rev
Author:   tetragon
Date:     2006-11-07 18:18:15 -0800 (Tue, 07 Nov 2006)

Log Message:
-----------
Fix edge cases of redirect whitelisting

Modified Paths:
--------------
    trunk/LedgerSMB/Form.pm
    trunk/bin/am.pl

Modified: trunk/LedgerSMB/Form.pm
===================================================================
--- trunk/LedgerSMB/Form.pm	2006-11-08 00:32:04 UTC (rev 494)
+++ trunk/LedgerSMB/Form.pm	2006-11-08 02:18:15 UTC (rev 495)
@@ -317,12 +317,13 @@
 sub redirect {
 
 	my ($self, $msg) = @_;
+	use List::Util qw(first);
 
 	if ($self->{callback}) {
 
 		my ($script, $argv) = split(/\?/, $self->{callback});
 		$self->error($locale->text("Invalid redirect")) unless
-			grep {/$script/} @{LedgerSMB::Sysconfig::scripts};
+			first {$_ eq $script} @{LedgerSMB::Sysconfig::scripts};
 		exec ("perl", $script, $argv);
 
 	} else {

Modified: trunk/bin/am.pl
===================================================================
--- trunk/bin/am.pl	2006-11-08 00:32:04 UTC (rev 494)
+++ trunk/bin/am.pl	2006-11-08 02:18:15 UTC (rev 495)
@@ -3186,6 +3186,7 @@
 
 sub print_recurring {
   my ($pt, $defaultprinter) = @_;
+  use List::Util qw(first);
 
   my %f = &formnames;
   my $ok = 1;
@@ -3203,7 +3204,7 @@
       @a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=$media&vc=$form->{vc}&ARAP=$form->{ARAP}");
 
       $form->error($locale->text('Invalid redirect')) unless
-        grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts};
+        first {$_ eq $form->{script}} @{LedgerSMB::Sysconfig::scripts};
       $ok = !(system(@a));
       
       if ($ok) {
@@ -3222,6 +3223,7 @@
 
 sub email_recurring {
   my ($pt) = @_;
+  use List::Util qw(first);
 
   my %f = &formnames;
   my $ok = 1;
@@ -3244,7 +3246,7 @@
       @a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=email&vc=$form->{vc}&ARAP=$form->{ARAP}&message=$message");
 
       $form->error($locale->text('Invalid redirect')) unless
-        grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts};
+        first {$_ eq $form->{script}} @{LedgerSMB::Sysconfig::scripts};
       $ok = !(system(@a));
       
       if ($ok) {


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.