From 69198ce76ad07d212f8d895f82d8555c8e44a8eb Mon Sep 17 00:00:00 2001
From: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>
Date: Thu, 22 Mar 2007 04:55:05 +0000
Subject: Adding protection against ADS Windows users in template editor

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@980 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/AM.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'LedgerSMB')

diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index 387d9d8b..fb4794f4 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1251,7 +1251,7 @@ sub check_template_name {
 	my ($self, $myconfig, $form) = @_;
 
 	my @allowedsuff = qw(css tex txt html xml);
-	if ($form->{file} =~ /^(.:)*?\/|\.\.\/|^\//){
+	if ($form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\//){
 		$form->error("Directory transversal not allowed.");
 	}
 	if ($form->{file} =~ /^${LedgerSMB::Sysconfig::userspath}\//){
-- 
cgit v1.2.3