From 69198ce76ad07d212f8d895f82d8555c8e44a8eb Mon Sep 17 00:00:00 2001
From: einhverfr
Date: Thu, 22 Mar 2007 04:55:05 +0000
Subject: Adding protection against ADS Windows users in template editor
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@980 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/AM.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'LedgerSMB')
diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index 387d9d8b..fb4794f4 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1251,7 +1251,7 @@ sub check_template_name {
 my ($self, $myconfig, $form) = @_;
 my @allowedsuff = qw(css tex txt html xml);
- if ($form->{file} =~ /^(.:)*?\/|\.\.\/|^\//){
+ if ($form->{file} =~ /^(.:)*?\/|:|\.\.\/|^\//){
 $form->error("Directory transversal not allowed.");
 }
 if ($form->{file} =~ /^${LedgerSMB::Sysconfig::userspath}\//){
--
cgit v1.2.3
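Review bot: The widened pattern on the changed `if` line still tests only for forward slashes, so a name containing `..\` or starting with `\` is not rejected on the Windows hosts this commit targets. If template names never legitimately contain a backslash, it could join the denylist: `if ($form->{file} =~ m{:|\\|\.\./|^/}) {`. Now that `:` is rejected anywhere in the name, the `^(.:)*?\/` alternative is fully covered by `:` and `^\/` and can be dropped, as that rewrite does. An anchored allowlist of permitted filename characters would be sturdier than extending the denylist one character at a time. `check_template_name` continues past the hunk, so the `@allowedsuff` suffix check and whether `$form->error` halts processing are not visible here.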