[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SF.net SVN: ledger-smb: [972] trunk/LedgerSMB/Form.pm

Subject: SF.net SVN: ledger-smb: [972] trunk/LedgerSMB/Form.pm
From: ..hidden..
Date: Tue, 20 Mar 2007 23:29:55 -0700

Revision: 972
          http://svn.sourceforge.net/ledger-smb/?rev=972&view=rev
Author:   einhverfr
Date:     2007-03-20 23:29:55 -0700 (Tue, 20 Mar 2007)

Log Message:
-----------
Adding some additional controls to Form.pm

Modified Paths:
--------------
    trunk/LedgerSMB/Form.pm

Modified: trunk/LedgerSMB/Form.pm
===================================================================
--- trunk/LedgerSMB/Form.pm	2007-03-21 06:27:01 UTC (rev 971)
+++ trunk/LedgerSMB/Form.pm	2007-03-21 06:29:55 UTC (rev 972)
@@ -78,6 +78,16 @@
 
 	bless $self, $type;
 
+	$self->{path} =~ s#\\#/#g;
+	if (($self->{path}) && ($self->{path} !~ m#^bin/#) 
+				|| ($self->{path} =~ m#(\w*/){2,}#)){
+		$self->error("Access Denied");
+	}
+	if (($self->{script} =~ m#(..|\\|/)#)){
+		$self->error("Access Denied");
+	}
+		
+
 	if (($self->{action} =~ /:/) || ($self->{nextsub} =~ /:/)){
 		$self->error("Access Denied");
 	}


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Prev by Date: SF.net SVN: ledger-smb: [971] branches/1.2/LedgerSMB/CP.pm
Next by Date: SF.net SVN: ledger-smb: [973] trunk/LedgerSMB/CP.pm
Previous by thread: SF.net SVN: ledger-smb: [971] branches/1.2/LedgerSMB/CP.pm
Next by thread: SF.net SVN: ledger-smb: [973] trunk/LedgerSMB/CP.pm
Index(es):
- Date
- Thread