taint mode fixes

svn path=/www/; revision=29150
2006-11-30 20:36:31 +00:00 · 2006-11-30 20:36:31 +00:00 · 2e48c6cb17 · 2020-12-08 03:00:23 +00:00
commit 2e48c6cb17
parent ef74ff8206
1 changed files with 8 additions and 1 deletions
--- a/en/cgi/mailindex.cgi
+++ b/en/cgi/mailindex.cgi
@ -24,7 +24,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $FreeBSD: www/en/cgi/mailindex.cgi,v 1.7 2005/10/31 15:25:05 fenner Exp $
+# $FreeBSD: www/en/cgi/mailindex.cgi,v 1.8 2006/03/24 06:24:41 kuriyama Exp $


 use CGI;
@ -67,6 +67,13 @@ if (!$file) {

 # forbid link to parent directories
 $file =~ s%\.\./%%g;
+if ($file =~ m,^([0-9a-z/-]+)$,) {
+    $file = $1;
+} else {
+    print "Unknown file name given\n";
+    exit;
+} 
+	

 sub file_not_exists {
    my $file = shift;