diff options
| -rwxr-xr-x | LedgerSMB/Form.pm | 12 | ||||
| -rwxr-xr-x | LedgerSMB/Session/DB.pm | 1 |
2 files changed, 6 insertions, 7 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index 43fa3b00..bc693ea9 100755 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -38,6 +38,7 @@ use LedgerSMB::Sysconfig; use List::Util qw(first); use LedgerSMB::Mailer; use Time::Local; +use Cwd; package Form; @@ -86,16 +87,13 @@ sub new { if ($self->{path} ne 'bin/lynx'){ $self->{path} = 'bin/mozilla';} - if (($self->{script} =~ m#(..|\\|/)#)){ - $self->error("Access Denied"); - } - if (($self->{script}) and not first {$_ eq $self->{script}} + if (($self->{script}) and not List::Util::first {$_ eq $self->{script}} @{LedgerSMB::Sysconfig::scripts}){ - $self->error('Access Denied'); + $self->error('Access Denied', __line__, __file__); } if (($self->{action} =~ /:/) || ($self->{nextsub} =~ /:/)){ - $self->error("Access Denied"); + $self->error("Access Denied", __line__, __file__); } for (keys %$self){ $self->{$_} =~ s/\000//g } @@ -592,6 +590,8 @@ sub parse_template { my ($self, $myconfig) = @_; + $self->{cwd} = Cwd::getcwd(); + my ($chars_per_line, $lines_on_first_page, $lines_on_second_page) = (0, 0, 0); my ($current_page, $current_line) = (1, 1); my $pagebreak = ""; diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm index eb550c62..d10932aa 100755 --- a/LedgerSMB/Session/DB.pm +++ b/LedgerSMB/Session/DB.pm @@ -227,7 +227,6 @@ sub password_check { $fetchPassword->execute($username) || $form->dberror(__FILE__.':'.__LINE__.': Fetching password : '); my ($dbusername, $md5Password, $cryptPassword) = $fetchPassword->fetchrow_array; - if ($dbusername ne $username) { # User data retrieved from db not for the requested user return 0; |