Whitelist redirect destination

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@493 4979c152-3d1c-0410-bac9-87ea11338e46
author: tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46> 2006-11-07 23:47:14 +0000
committer: tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46> 2006-11-07 23:47:14 +0000
commit: 3873a1567288326197e0513548e5b0bea128d466 (patch)
tree: a207c2991d1b4996d1adba9488f88c462edcbbd8 /LedgerSMB/Form.pm
parent: 9ad4354cd37c91a8643da0156ec7cff2d26d2e4b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index a3005ee9..94f21142 100755
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -321,6 +321,8 @@ sub redirect {
 	if ($self->{callback}) {
 
 		my ($script, $argv) = split(/\?/, $self->{callback});
+		$self->error($locale->text("Invalid redirect")) unless
+			grep {/$script/} @{LedgerSMB::Sysconfig::scripts};
 		exec ("perl", $script, $argv);
 
 	} else {
author	tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46>	2006-11-07 23:47:14 +0000
committer	tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46>	2006-11-07 23:47:14 +0000
commit	3873a1567288326197e0513548e5b0bea128d466 (patch)
tree	a207c2991d1b4996d1adba9488f88c462edcbbd8 /LedgerSMB/Form.pm
parent	9ad4354cd37c91a8643da0156ec7cff2d26d2e4b (diff)