From d649a37823d026d9f0ac9a7c4a67ed39b17cb8b2 Mon Sep 17 00:00:00 2001
From: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>
Date: Sat, 21 Oct 2006 02:56:32 +0000
Subject: Fine tuning of whitelisting checks

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@244 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/AM.pm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'LedgerSMB')

diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index be9e47fe..57c75cb3 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1235,9 +1235,13 @@ sub check_template_name {
 	my ($self, $myconfig, $form) = @_;
 
 	my @allowedsuff = qw(css tex txt html xml);
-	if ($form->{file} =~ /\.\./){
+	if ($form->{file} =~ /^(.:)*?\/|\.\.\/|^\//){
 		$form->error("Directory transversal not allowed.");
 	}
+	my $userspath = ${main::userspath};
+	if ($form->{file} =~ /^$userspath\//){
+		$form->error("Not allowed to access $userspath/ with this method");
+	}
 	my $whitelisted = 0;
 	for (@allowedsuff){
 		if ($form->{file} =~ /$_$/){
@@ -1248,8 +1252,8 @@ sub check_template_name {
 		$form->error("Error:  File is of type that is not allowed.");
 	}
 
-	if ($form->{file} !~ /^$myconfig->{templates}/){
-		$form->error("$!: $form->{file}") unless $form->{file} =~ /^css/;
+	if ($form->{file} !~ /^$myconfig->{templates}\//){
+		$form->error("Not in a whitelisted directory: $form->{file}") unless $form->{file} =~ /^css\//;
 	}
 }
 
-- 
cgit v1.2.3