From: <sco...@us...> - 2003-08-20 18:52:36
Update of /cvsroot/gmod/Generic-Genome-Browser/cgi-bin In directory sc8-pr-cvs1:/tmp/cvs-serv25140 Modified Files: gbrowse.PLS Log Message: disallow '../../../../../' etc attack; is this sufficient? Index: gbrowse.PLS =================================================================== RCS file: /cvsroot/gmod/Generic-Genome-Browser/cgi-bin/gbrowse.PLS,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** gbrowse.PLS 12 Aug 2003 22:31:16 -0000 1.15 --- gbrowse.PLS 20 Aug 2003 18:34:35 -0000 1.16 *************** *** 1986,1989 **** --- 1986,1990 ---- else { + return if (${help_type} =~ /^\.\./); #don't allow ../../../../ etc attack build_help_page("$conf_dir/${help_type}_help.html"); }
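
Review bot: The new guard `return if (${help_type} =~ /^\.\./);` is anchored at the start of the string, so it only rejects a help_type that begins with "..". Any value that carries a ".." or "/" later in the string still passes and is interpolated unchanged into "$conf_dir/${help_type}_help.html". To answer the question in the log message: no, a deny-list on the leading characters is not sufficient here. Validate help_type against what a legitimate value looks like instead, for example `return unless $help_type =~ /^\w+$/;`, which rejects path separators, dots and any other byte that is not a word character in one test. Better still, if the set of help pages is fixed, look the name up in a hash of known pages and build the path from the hash value rather than from the request parameter. The bare `return` also leaves the request with no output at all, so consider emitting an error page or a log line so that rejected requests are visible to the operator.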