From: <ls...@us...> - 2003-08-25 18:17:36
|
Update of /cvsroot/gmod/Generic-Genome-Browser/cgi-bin In directory sc8-pr-cvs1:/tmp/cvs-serv4070/cgi-bin Modified Files: gbrowse.PLS Log Message: more generalized fix for the /etc/passwd-reading bug
Index: gbrowse.PLS
===================================================================
RCS file: /cvsroot/gmod/Generic-Genome-Browser/cgi-bin/gbrowse.PLS,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -d -r1.16 -r1.17
*** gbrowse.PLS 20 Aug 2003 18:34:35 -0000 1.16
--- gbrowse.PLS 25 Aug 2003 18:13:34 -0000 1.17
***************
*** 54,57 ****
--- 54,58 ----
 use Text::Shellwords;
 use File::Basename 'basename';
+ use File::Spec;
 #use Carp qw(:DEFAULT croak);
 use CGI qw(:standard escape escapeHTML center *table *dl *TR *td);
***************
*** 1986,1990 ****
 else {
! return if (${help_type} =~ /^\.\./); #don't allow ../../../../ etc attack
 build_help_page("$conf_dir/${help_type}_help.html");
 }
--- 1987,1994 ----
 else {
! my @components = File::Spec->splitdir($help_type);
! my $updir = File::Spec->updir;
! my $bad = grep { /^$updir$/ } @components;
! return if $bad;
 build_help_page("$conf_dir/${help_type}_help.html");
 } |
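Review bot: In the second hunk, `grep { /^$updir$/ } @components` interpolates `File::Spec->updir` into the pattern unescaped, so where it is `..` the regex becomes `^..$` and rejects every two-character path component rather than only the parent-directory one; a string comparison states the intent exactly: `my $bad = grep { $_ eq $updir } @components;`. The guard also remains a deny-list over a value that is placed directly into `"$conf_dir/${help_type}_help.html"`. If `$help_type` is taken from the request (its origin is outside this hunk, though the removed comment suggests it is) and help types are plain names, an allow-list such as `return unless $help_type =~ /\A[\w-]+\z/;` would additionally exclude path separators and control characters. The removed line carried a comment explaining why the guard exists and the new lines have none; something like `# reject any parent-directory component so help_type cannot leave $conf_dir` would keep that intent visible. The enclosing `if`/`else` starts outside the hunk.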