SF.net SVN: ledger-smb:[4468] branches/1.3
- Subject: SF.net SVN: ledger-smb:[4468] branches/1.3
- From: ..hidden..
- Date: Thu, 15 Mar 2012 09:07:24 +0000
Revision: 4468
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=4468&view=rev
Author: einhverfr
Date: 2012-03-15 09:07:24 +0000 (Thu, 15 Mar 2012)
Log Message:
-----------
Correcting bug 3504924, directory traversal and type detection broken for template editing
Modified Paths:
--------------
branches/1.3/Changelog
branches/1.3/LedgerSMB/AM.pm
branches/1.3/bin/am.pl
Modified: branches/1.3/Changelog
===================================================================
--- branches/1.3/Changelog 2012-03-15 08:07:12 UTC (rev 4467)
+++ branches/1.3/Changelog 2012-03-15 09:07:24 UTC (rev 4468)
@@ -5,6 +5,8 @@
Changelog for 1.3.14
* Argentina (Spanish) translation and charts of accounts added. (Andres B)
* Fixed errors saving when duedate is blank, bug 3503463 (Chris T)
+* Corrected editing pos_invoice.txt whitelisting in front-end (Chris T)
+* Corrected erroneous directory transversal denial (Chris T, bug 3504924)
Andres B is Andres Basile
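Review bot: The second added entry spells the term "transversal"; the usual name is "directory traversal", and the entry is easier to find under that spelling. Because it records a change to a path check, it would also help to name the check that changed (the file-name test in LedgerSMB/AM.pm), so that readers of the 1.3.14 notes can see that a security-relevant filter was touched.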
Modified: branches/1.3/LedgerSMB/AM.pm
===================================================================
--- branches/1.3/LedgerSMB/AM.pm 2012-03-15 08:07:12 UTC (rev 4467)
+++ branches/1.3/LedgerSMB/AM.pm 2012-03-15 09:07:24 UTC (rev 4468)
@@ -1501,7 +1501,7 @@
my ( $self, $myconfig, $form ) = @_;
my @allowedsuff = qw(css tex txt html xml);
- if ( $form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\// ) {
+ if ( $form->{file} =~ /^(.:)*?\/|:|\.\.\// ) {
$form->error("Directory transversal not allowed.");
}
if ( $form->{file} =~ /^${LedgerSMB::Sysconfig::backuppath}\// ) {
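Review bot: Dropping the `^\/` alternative on the changed line does not alter what the pattern matches, so the erroneous denial is probably still there. The first alternative `^(.:)*?\/` already matches a leading slash, since the lazy `(.:)*?` is satisfied by zero repetitions, and a file name beginning with `/` is rejected both before and after this change. If the intent is to let a particular path through, the first alternative has to change as well. The alternation is also unparenthesized, so `^` binds only to the first branch while `:` and `\.\.\/` match anywhere in the string; grouping the branches would make that intent explicit. As a more robust check than pattern matching, consider resolving the requested name and comparing it with the template directory. Separately, the context line interpolates `${LedgerSMB::Sysconfig::backuppath}` into a regex unquoted; wrapping it in `\Q...\E` keeps metacharacters in the configured path from changing the match.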
Modified: branches/1.3/bin/am.pl
===================================================================
--- branches/1.3/bin/am.pl 2012-03-15 08:07:12 UTC (rev 4467)
+++ branches/1.3/bin/am.pl 2012-03-15 09:07:24 UTC (rev 4468)
@@ -1274,7 +1274,7 @@
$form->{file} = "$form->{template}.tex";
} elsif (uc($form->{format}) eq 'HTML') {
$form->{file} = "$form->{template}.html";
- } elsif (uc($form->{format}) eq 'TXT'){
+ } elsif (uc($form->{format}) eq 'TEXT'){
$form->{file} = "$form->{template}.txt";
}
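Review bot: The comparison on the changed line now accepts only 'TEXT', so any caller that still sends 'TXT' falls through the chain, and the visible chain has no final `else`, which leaves `$form->{file}` at whatever value it had before. Either accept both spellings or add an `else` branch that calls `$form->error` for an unrecognised format, so a mismatch fails loudly instead of editing an unexpected file name. A short comment noting that the format value is 'TEXT' while the suffix is `.txt` would keep this mismatch from being reintroduced.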