Plug up a big security hole; never ever pass meta characters to shell!

Submitted by:	Anthony Rubin <tonyr@generalsearch.net>
This commit is contained in:
Akinori MUSHA 2000-12-05 16:22:14 +00:00
parent 4fca213708
commit c28360b875
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=8480


@ -1,5 +1,5 @@
#!/usr/bin/perl
# $FreeBSD: www/en/cgi/query-pr.cgi,v 1.20 2000/01/16 02:46:36 chris Exp $
# $FreeBSD: www/en/cgi/query-pr.cgi,v 1.21 2000/07/28 21:21:20 knu Exp $
$ENV{'PATH'} = "/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin";
@ -40,7 +40,9 @@ if (!($pr = $input{'pr'}) && &MethGet) {
}
# be tolerant to <category>/<PR id> queries
$pr =~ s%^[a-z][a-z386]+/([0-9]+)$%$1%i;
$pr =~ s%^.+/%; # remove <category>/ part
$pr += 0; # numeralize: "0123" -> 123, "123;evil evil evil" -> 123, etc.
if ($pr < 1 || $pr > 99999) {
print &html_header("FreeBSD Problem Report");