authoreinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-03-19 18:28:32 +0000
committereinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-03-19 18:28:32 +0000
commit64febd669873e6a76293eb666941b4b47e8cd829 (patch)
tree8ccd8abd2282ce39f9a5585714e4010a35733ab8
parentc4cf01bf2b6aa9cfaf8a864abe414afe9d39cc9b (diff)
Adding sanity checks to path and script
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@947 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB/Form.pm12
1 files changed, 12 insertions, 0 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index 0785caf5..9f37ad09 100755
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -69,6 +69,7 @@ sub new {
$self->{nextsub} =~ s/( |-|,|\#|\/|\.$)/_/g;
}
+
$self->{menubar} = 1 if $self->{path} =~ /lynx/i;
#menubar will be deprecated, replaced with below
$self->{lynx} = 1 if $self->{path} =~ /lynx/i;
@@ -78,6 +79,17 @@ sub new {
bless $self, $type;
+ $self->{path} =~ s#\\#/#g;
+ if (($self->{path}) && ($self->{path} !~ m#^bin/#)
+ || ($self->{path} =~ m#(\w*/){2,}#)){
+ $self->error("Access Denied");
+ }
+ if (($self->{script} =~ m#(..|\\|/)#)){
+ $self->error("Access Denied");
+ }
+
+
+
if (($self->{action} =~ /:/) || ($self->{nextsub} =~ /:/)){
$self->error("Access Denied");
}
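Review bot: The new script check `m#(..|\\|/)#` leaves the dots unescaped, so `..` matches any two characters and every `script` value of two or more characters is sent to `error("Access Denied")`; the traversal test it appears to intend is `if ($self->{script} =~ m#(\.\.|\\|/)#) {`. The path check just above has the opposite gap: `(\w*/){2,}` only catches back-to-back word-character segments, and because `\w` does not match a dot, a `..` segment following the `bin/` prefix is not rejected by either half of the condition. An anchored allowlist such as `$self->{path} !~ m#\Abin/\w+\z#` would cover both cases, assuming valid paths are a single directory under `bin/` (the hunk does not show the full set of accepted values). `sub new` begins and ends outside this hunk, so how `path` and `script` are used afterwards cannot be confirmed from here.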