Menu
▾
▴
[Gmod-gbrowse-cmts] Generic-Genome-Browser/cgi-bin gbrowse.PLS,1.16,1.17
|
From: <ls...@us...> - 2003-08-25 18:17:36
|
Update of /cvsroot/gmod/Generic-Genome-Browser/cgi-bin
In directory sc8-pr-cvs1:/tmp/cvs-serv4070/cgi-bin
Modified Files:
gbrowse.PLS
Log Message:
more generalized fix for the /etc/passwd-reading bug
Index: gbrowse.PLS
===================================================================
RCS file: /cvsroot/gmod/Generic-Genome-Browser/cgi-bin/gbrowse.PLS,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -d -r1.16 -r1.17
*** gbrowse.PLS 20 Aug 2003 18:34:35 -0000 1.16
--- gbrowse.PLS 25 Aug 2003 18:13:34 -0000 1.17
***************
*** 54,57 ****
--- 54,58 ----
use Text::Shellwords;
use File::Basename 'basename';
+ use File::Spec;
#use Carp qw(:DEFAULT croak);
use CGI qw(:standard escape escapeHTML center *table *dl *TR *td);
***************
*** 1986,1990 ****
else {
! return if (${help_type} =~ /^\.\./); #don't allow ../../../../ etc attack
build_help_page("$conf_dir/${help_type}_help.html");
}
--- 1987,1994 ----
else {
! my @components = File::Spec->splitdir($help_type);
! my $updir = File::Spec->updir;
! my $bad = grep { /^$updir$/ } @components;
! return if $bad;
build_help_page("$conf_dir/${help_type}_help.html");
}
|