[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SF.net SVN: ledger-smb: [845] branches/1.2/LedgerSMB/Form.pm
- Subject: SF.net SVN: ledger-smb: [845] branches/1.2/LedgerSMB/Form.pm
- From: ..hidden..
- Date: Sun, 04 Mar 2007 15:05:24 -0800
Revision: 845
http://svn.sourceforge.net/ledger-smb/?rev=845&view=rev
Author: einhverfr
Date: 2007-03-04 15:05:24 -0800 (Sun, 04 Mar 2007)
Log Message:
-----------
Adding operator whitelisting to template conditionals
Modified Paths:
--------------
branches/1.2/LedgerSMB/Form.pm
Modified: branches/1.2/LedgerSMB/Form.pm
===================================================================
--- branches/1.2/LedgerSMB/Form.pm 2007-03-03 06:38:34 UTC (rev 844)
+++ branches/1.2/LedgerSMB/Form.pm 2007-03-04 23:05:24 UTC (rev 845)
@@ -761,8 +761,11 @@
s/.*?<\?lsmb if (.+?) \?>/$1/;
if (/\s/) {
- @a = split;
- $ok = eval "$self->{$a[0]} $a[1] $a[2]";
+ @args = split;
+ if ($args[1] !~ /^(==|eq|>|gt|>|lt|>=|ge|le|<=|ne|!=)$/){
+ $self->error("Unknown/forbidden operator");
+ }
+ $ok = eval "$self->{$args[0]} $args[1] $args[2]";
} else {
$ok = $self->{$_};
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.