authortetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-07 23:47:14 +0000
committertetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-07 23:47:14 +0000
commit3873a1567288326197e0513548e5b0bea128d466 (patch)
treea207c2991d1b4996d1adba9488f88c462edcbbd8 /bin
parent9ad4354cd37c91a8643da0156ec7cff2d26d2e4b (diff)
Whitelist redirect destination
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@493 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'bin')
-rwxr-xr-xbin/am.pl4
1 files changed, 4 insertions, 0 deletions
diff --git a/bin/am.pl b/bin/am.pl
index 7931ff92..d1c3260d 100755
--- a/bin/am.pl
+++ b/bin/am.pl
@@ -3202,6 +3202,8 @@ sub print_recurring {
@a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=$media&vc=$form->{vc}&ARAP=$form->{ARAP}");
+ $form->error($locale->text('Invalid redirect')) unless
+ grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts};
$ok = !(system(@a));
if ($ok) {
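Review bot: The whitelist check added in print_recurring uses `$form->{script}` as an unanchored regex pattern against each entry of `@LedgerSMB::Sysconfig::scripts`, so it tests whether the request value matches somewhere inside an allowed name, not whether it is one of the allowed names; a value that is only a fragment of a listed script, or that contains regex metacharacters, passes the check and is then handed to `system(@a)`. Compare for string equality instead: `grep { $_ eq $form->{script} } @{LedgerSMB::Sysconfig::scripts};`. The same two lines are added in email_recurring in the next hunk and need the same change. The check also relies on `$form->error` not returning, which is not visible here; both function bodies start and end outside their hunks.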
@@ -3241,6 +3243,8 @@ sub email_recurring {
@a = ("perl", "$form->{script}", "action=reprint&module=$form->{module}&type=$form->{type}&login=$form->{login}&path=$form->{path}&sessionid=$form->{sessionid}&id=$form->{id}&formname=$f[$j]&format=$f[$j+1]&media=email&vc=$form->{vc}&ARAP=$form->{ARAP}&message=$message");
+ $form->error($locale->text('Invalid redirect')) unless
+ grep {/$form->{script}/} @{LedgerSMB::Sysconfig::scripts};
$ok = !(system(@a));
if ($ok) {