diff options
| author | tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-07 23:47:14 +0000 |
|---|---|---|
| committer | tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-07 23:47:14 +0000 |
| commit | 3873a1567288326197e0513548e5b0bea128d466 (patch) | |
| tree | a207c2991d1b4996d1adba9488f88c462edcbbd8 /bin | |
| parent | 9ad4354cd37c91a8643da0156ec7cff2d26d2e4b (diff) | |
Whitelist redirect destination
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@493 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/am.pl | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -3202,6 +3202,8 @@ sub print_recurring { @a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=$media&vc=$form->{vc}&ARAP=$form->{ARAP}"); + $form->error($locale->text('Invalid redirect')) unless + grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts}; $ok = !(system(@a)); if ($ok) { @@ -3241,6 +3243,8 @@ sub email_recurring { @a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=email&vc=$form->{vc}&ARAP=$form->{ARAP}&message=$message"); + $form->error($locale->text('Invalid redirect')) unless + grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts}; $ok = !(system(@a)); if ($ok) { |