summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoreinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-03-22 04:53:46 +0000
committereinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-03-22 04:53:46 +0000
commit961666a82601b6be4865ea6380ae8eda85f4305a (patch)
tree08c77e7b231fd119eca702ffb4471da91d626bea
parent75a9634708ffc8287a80dcecf40d41db823b0c7c (diff)
Adding protection against ADS for Windows users in parse template routines
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@979 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB/Form.pm8
1 files changed, 8 insertions, 0 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index bc693ea9..ac3121ae 100755
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -591,6 +591,14 @@ sub parse_template {
my ($self, $myconfig) = @_;
$self->{cwd} = Cwd::getcwd();
+ for (qw(IN OUT)){
+ if ($self->{$_} =~ m#[:/\\]#){
+ $self->error("Access denied");
+ }
+ }
+ if ($self->{language_code} =~ m#[:/\\.*]#){
+ $self->error("Access Denied");
+ }
my ($chars_per_line, $lines_on_first_page, $lines_on_second_page) = (0, 0, 0);
my ($current_page, $current_line) = (1, 1);