SF.net SVN: ledger-smb: [947] branches/1.2/LedgerSMB/Form.pm
- Subject: SF.net SVN: ledger-smb: [947] branches/1.2/LedgerSMB/Form.pm
- From: ..hidden..
- Date: Mon, 19 Mar 2007 11:28:33 -0700
Revision: 947
http://svn.sourceforge.net/ledger-smb/?rev=947&view=rev
Author: einhverfr
Date: 2007-03-19 11:28:32 -0700 (Mon, 19 Mar 2007)
Log Message:
-----------
Adding sanity checks to path and script
Modified Paths:
--------------
branches/1.2/LedgerSMB/Form.pm
Modified: branches/1.2/LedgerSMB/Form.pm
===================================================================
--- branches/1.2/LedgerSMB/Form.pm 2007-03-18 05:30:46 UTC (rev 946)
+++ branches/1.2/LedgerSMB/Form.pm 2007-03-19 18:28:32 UTC (rev 947)
@@ -69,6 +69,7 @@
$self->{nextsub} =~ s/( |-|,|\#|\/|\.$)/_/g;
}
+
$self->{menubar} = 1 if $self->{path} =~ /lynx/i;
#menubar will be deprecated, replaced with below
$self->{lynx} = 1 if $self->{path} =~ /lynx/i;
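Review bot: The only change in this hunk is a blank line added after the closing `}`, which is unrelated to the sanity checks named in the log message. Consider dropping it so the revision contains only the validation change and is easier to audit later.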
@@ -78,6 +79,17 @@
bless $self, $type;
+ $self->{path} =~ s#\\#/#g;
+ if (($self->{path}) && ($self->{path} !~ m#^bin/#)
+ || ($self->{path} =~ m#(\w*/){2,}#)){
+ $self->error("Access Denied");
+ }
+ if (($self->{script} =~ m#(..|\\|/)#)){
+ $self->error("Access Denied");
+ }
+
+
+
if (($self->{action} =~ /:/) || ($self->{nextsub} =~ /:/)){
$self->error("Access Denied");
}
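Review bot: In the added `script` check, the dots in `m#(..|\\|/)#` are unescaped, so `..` matches any two characters and every `script` value of two or more characters ends in "Access Denied". Escape them as `\.\.` so that only a literal parent-directory sequence, a backslash or a slash is rejected. In the `path` condition, `&&` binds tighter than `||`, so it reads as (path is set and does not start with `bin/`) or (path contains two consecutive `\w*/` groups); explicit parentheses around the first pair would show that this grouping is intended. Because `.` is not a `\w` character, the second test does not fire on a `..` segment that follows `bin/`, so the path check should either reject `..` explicitly or match the whole value against an anchored pattern. The three blank lines added after the new block can be dropped.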