[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SF.net SVN: ledger-smb: [980] branches/1.2/LedgerSMB/AM.pm
- Subject: SF.net SVN: ledger-smb: [980] branches/1.2/LedgerSMB/AM.pm
- From: ..hidden..
- Date: Wed, 21 Mar 2007 21:55:06 -0700
Revision: 980
http://svn.sourceforge.net/ledger-smb/?rev=980&view=rev
Author: einhverfr
Date: 2007-03-21 21:55:05 -0700 (Wed, 21 Mar 2007)
Log Message:
-----------
Adding protection against ADS Windows users in template editor
Modified Paths:
--------------
branches/1.2/LedgerSMB/AM.pm
Modified: branches/1.2/LedgerSMB/AM.pm
===================================================================
--- branches/1.2/LedgerSMB/AM.pm 2007-03-22 04:53:46 UTC (rev 979)
+++ branches/1.2/LedgerSMB/AM.pm 2007-03-22 04:55:05 UTC (rev 980)
@@ -1251,7 +1251,7 @@
my ($self, $myconfig, $form) = @_;
my @allowedsuff = qw(css tex txt html xml);
- if ($form->{file} =~ /^(.:)*?\/|\.\.\/|^\//){
+ if ($form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\//){
$form->error("Directory transversal not allowed.");
}
if ($form->{file} =~ /^${LedgerSMB::Sysconfig::userspath}\//){
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.