authoreinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-03-22 04:55:05 +0000
committereinhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>2007-03-22 04:55:05 +0000
commit69198ce76ad07d212f8d895f82d8555c8e44a8eb (patch)
tree5d6d77898cbd41fb0ad3ef07f7bdd021c7ecef8e /LedgerSMB
parent961666a82601b6be4865ea6380ae8eda85f4305a (diff)
Adding protection against ADS Windows users in template editor
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@980 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB')
-rwxr-xr-xLedgerSMB/AM.pm2
1 files changed, 1 insertions, 1 deletions
diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index 387d9d8b..fb4794f4 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1251,7 +1251,7 @@ sub check_template_name {
my ($self, $myconfig, $form) = @_;
my @allowedsuff = qw(css tex txt html xml);
- if ($form->{file} =~ /^(.:)*?\/|\.\.\/|^\//){
+ if ($form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\//){
$form->error("Directory transversal not allowed.");
}
if ($form->{file} =~ /^${LedgerSMB::Sysconfig::userspath}\//){