Diffstat (limited to 'LedgerSMB.pm')
-rwxr-xr-x | LedgerSMB.pm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm index 3a06bacf..37fbe009 100755 --- a/LedgerSMB.pm +++ b/LedgerSMB.pm @@ -131,6 +131,16 @@ sub new { $self->{lynx} = 1; } + $self->{path} =~ s#\\#/#g; + if (($self->{path}) && ($self->{path} !~ m#^bin/#) + || ($self->{path} =~ m#(\w*/){2,}#)){ + $self->error("Access Denied"); + } + if (($self->{script} =~ m#(..|\\|/)#)){ + $self->error("Access Denied"); + } + + $self; } |
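Review bot: The script check `m#(..|\\|/)#` leaves the dots unescaped, so `..` matches any two characters and every script value of two or more characters is denied, not only values containing a parent-directory segment; it should read `if ($self->{script} =~ m#(\.\.|\\|/)#) {`. The path check above it has the opposite gap: `m#(\w*/){2,}#` only catches consecutive word-character segments, so a value that starts with `bin/` and continues with a dot segment appears to pass both tests. Adding `|| $self->{path} =~ m#\.\.#` to the condition, or better, comparing the path against an explicit list of the expected directories, would close that. Both checks also depend on `$self->error` not returning, which this hunk does not show; if it can return, `new` still hands back `$self` after a denial. The body of `new` starts outside the hunk.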