From 64febd669873e6a76293eb666941b4b47e8cd829 Mon Sep 17 00:00:00 2001 From: einhverfr Date: Mon, 19 Mar 2007 18:28:32 +0000 Subject: Adding sanity checks to path and script git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@947 4979c152-3d1c-0410-bac9-87ea11338e46 --- LedgerSMB/Form.pm | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'LedgerSMB') diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index 0785caf5..9f37ad09 100755 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -69,6 +69,7 @@ sub new { $self->{nextsub} =~ s/( |-|,|\#|\/|\.$)/_/g; } + $self->{menubar} = 1 if $self->{path} =~ /lynx/i; #menubar will be deprecated, replaced with below $self->{lynx} = 1 if $self->{path} =~ /lynx/i; @@ -78,6 +79,17 @@ sub new { bless $self, $type; + $self->{path} =~ s#\\#/#g; + if (($self->{path}) && ($self->{path} !~ m#^bin/#) + || ($self->{path} =~ m#(\w*/){2,}#)){ + $self->error("Access Denied"); + } + if (($self->{script} =~ m#(..|\\|/)#)){ + $self->error("Access Denied"); + } + + + if (($self->{action} =~ /:/) || ($self->{nextsub} =~ /:/)){ $self->error("Access Denied"); } -- cgit v1.2.3
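Review bot: In the second hunk, the new script check `m#(..|\\|/)#` leaves the dots unescaped, so `..` matches any two characters and every `script` value of two or more characters is answered with "Access Denied"; the intended test is presumably `if ($self->{script} =~ m#(\.\.|\\|/)#) {`. The path test just above it has the opposite gap: `(\w*/){2,}` only counts segments made of word characters, so a segment containing dots is not counted and is not rejected after the `^bin/` prefix. If the valid values are all of the form `bin/<name>` (not visible here, confirm against the callers), an anchored allowlist such as `$self->{path} !~ m#\Abin/\w+\z#` would be tighter than the two partial patterns. `sub new` starts and ends outside both hunks, so how `path` and `script` are used after these checks is not shown.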