diff options
author | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-03-22 04:53:46 +0000 |
---|---|---|
committer | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-03-22 04:53:46 +0000 |
commit | 961666a82601b6be4865ea6380ae8eda85f4305a (patch) | |
tree | 08c77e7b231fd119eca702ffb4471da91d626bea | |
parent | 75a9634708ffc8287a80dcecf40d41db823b0c7c (diff) |
Adding protection against ADS for Windows users in parse template routines
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@979 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-x | LedgerSMB/Form.pm | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index bc693ea9..ac3121ae 100755 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -591,6 +591,14 @@ sub parse_template { my ($self, $myconfig) = @_; $self->{cwd} = Cwd::getcwd(); + for (qw(IN OUT)){ + if ($self->{$_} =~ m#[:/\\]#){ + $self->error("Access denied"); + } + } + if ($self->{language_code} =~ m#[:/\\.*]#){ + $self->error("Access Denied"); + } my ($chars_per_line, $lines_on_first_page, $lines_on_second_page) = (0, 0, 0); my ($current_page, $current_line) = (1, 1); |