diff options
| author | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-03-21 06:29:55 +0000 |
|---|---|---|
| committer | einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> | 2007-03-21 06:29:55 +0000 |
| commit | c7ff92cdcfd5d6f46ecf7e110e181fdc5f2ea04a (patch) | |
| tree | f3bac25f2ec707c7f872d457b6227b427b888143 /LedgerSMB | |
| parent | b1e7506c0779129f3d6bc9f6dc68987d423ae8a9 (diff) | |
Adding some additional controls to Form.pm
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@972 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB')
| -rwxr-xr-x | LedgerSMB/Form.pm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index ffdd040a..ff436451 100755 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -78,6 +78,16 @@ sub new { bless $self, $type; + $self->{path} =~ s#\\#/#g; + if (($self->{path}) && ($self->{path} !~ m#^bin/#) + || ($self->{path} =~ m#(\w*/){2,}#)){ + $self->error("Access Denied"); + } + if (($self->{script} =~ m#(..|\\|/)#)){ + $self->error("Access Denied"); + } + + if (($self->{action} =~ /:/) || ($self->{nextsub} =~ /:/)){ $self->error("Access Denied"); } |