summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-08 02:18:15 +0000
committertetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-08 02:18:15 +0000
commit30cec9d5d70535d7a30029a3854adbcf8019b13a (patch)
treed8148d1e4fc78170b5c8365035063bc99baa57e9
parenta9059536ea29e53bc0ae2c322532eac1a9ef558c (diff)
Fix edge cases of redirect whitelisting
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@495 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB/Form.pm3
-rwxr-xr-xbin/am.pl6
2 files changed, 6 insertions, 3 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index 94f21142..c9af2d1e 100755
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -317,12 +317,13 @@ sub set_cookie {
sub redirect {
my ($self, $msg) = @_;
+ use List::Util qw(first);
if ($self->{callback}) {
my ($script, $argv) = split(/\?/, $self->{callback});
$self->error($locale->text("Invalid redirect")) unless
- grep {/$script/} @{LedgerSMB::Sysconfig::scripts};
+ first {$_ eq $script} @{LedgerSMB::Sysconfig::scripts};
exec ("perl", $script, $argv);
} else {
diff --git a/bin/am.pl b/bin/am.pl
index d1c3260d..ea356dbf 100755
--- a/bin/am.pl
+++ b/bin/am.pl
@@ -3186,6 +3186,7 @@ sub process_transactions {
sub print_recurring {
my ($pt, $defaultprinter) = @_;
+ use List::Util qw(first);
my %f = &formnames;
my $ok = 1;
@@ -3203,7 +3204,7 @@ sub print_recurring {
@a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=$media&vc=$form->{vc}&ARAP=$form->{ARAP}");
$form->error($locale->text('Invalid redirect')) unless
- grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts};
+ first {$_ eq $form->{script}} @{LedgerSMB::Sysconfig::scripts};
$ok = !(system(@a));
if ($ok) {
@@ -3222,6 +3223,7 @@ sub print_recurring {
sub email_recurring {
my ($pt) = @_;
+ use List::Util qw(first);
my %f = &formnames;
my $ok = 1;
@@ -3244,7 +3246,7 @@ sub email_recurring {
@a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=email&vc=$form->{vc}&ARAP=$form->{ARAP}&message=$message");
$form->error($locale->text('Invalid redirect')) unless
- grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts};
+ first {$_ eq $form->{script}} @{LedgerSMB::Sysconfig::scripts};
$ok = !(system(@a));
if ($ok) {