Mercurial > hgrepos > hgweb.cgi > s4
changeset 12:262bbdea72e2
Clear taint flag
| author | HIROSE Yuuji <yuuji@gentei.org> |
|---|---|
| date | Tue, 21 Jul 2015 08:02:30 +0900 |
| parents | 3565d93c2fb1 |
| children | f2204bd941d5 |
| files | mpsplit.pl |
| diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mpsplit.pl Mon Jul 20 18:09:20 2015 +0900 +++ b/mpsplit.pl Tue Jul 21 08:02:30 2015 +0900 @@ -1,6 +1,9 @@ #!/usr/bin/env perl $sep = "--" . $ARGV[0]; $dir = ($ARGV[1] || "tmp"); +if ($dir =~ /^([^<>\;\&]*)$/) { + $dir = $1; +} #print "sep=".$sep, "dir=$dir\n"; #binmode STDIN; @@ -23,7 +26,10 @@ $name = $2; #print "name=$name\n"; if ($header =~ /filename=(['\"]?)(.*?)\1/ && $2 gt "") { - $fn = $2; + $fn=$2; + if ($fn =~ /^([^\/]*)$/) { + $fn = $1; + } open(OUT, ">$dir/$fn"); print OUT $body; close(OUT);
