diff options
| -rwxr-xr-x | LedgerSMB/Form.pm | 7 | ||||
| -rwxr-xr-x | bin/login.pl | 6 | ||||
| -rwxr-xr-x | menu.pl | 2 |
3 files changed, 2 insertions, 13 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index 9f37ad09..e873622d 100755 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -79,11 +79,8 @@ sub new { bless $self, $type; - $self->{path} =~ s#\\#/#g; - if (($self->{path}) && ($self->{path} !~ m#^bin/#) - || ($self->{path} =~ m#(\w*/){2,}#)){ - $self->error("Access Denied"); - } + if ($form->{path} ne 'bin/lynx'){ $form->{path} = 'bin/mozilla';} + if (($self->{script} =~ m#(..|\\|/)#)){ $self->error("Access Denied"); } diff --git a/bin/login.pl b/bin/login.pl index 0caf8114..96c0cb64 100755 --- a/bin/login.pl +++ b/bin/login.pl @@ -78,12 +78,6 @@ if (-f "bin/custom/$form->{script}") { $form->error(__FILE__.':'.__LINE__.': '.$@) if ($@); } -# per login customization -if (-f "bin/custom/$form->{login}_$form->{script}") { - eval { require "bin/custom/$form->{login}_$form->{script}"; }; - $form->error(__FILE__.':'.__LINE__.': '.$@) if ($@); -} - # window title bar, user info $form->{titlebar} = "LedgerSMB ".$locale->text('Version'). " $form->{version}"; @@ -110,8 +110,6 @@ $SIG{__DIE__} = sub { $form->error(__FILE__.':'.__LINE__.': '.$_[0]) }; map { $form->{$_} = $myconfig{$_} } qw(stylesheet timeout) unless ($form->{type} eq 'preferences'); $form->db_init(\%myconfig); -if ($form->{path} ne 'bin/lynx'){ $form->{path} = 'bin/mozilla';} - # did sysadmin lock us out if (-f "${LedgerSMB::Sysconfig::userspath}/nologin") { $form->error(__FILE__.':'.__LINE__.': '.$locale->text('System currently down for maintenance!')); |