[Lxr-commits] CVS: lxr/lib/LXR Common.pm,1.46,1.47 Config.pm,1.27,1.28
From: Dave B. <bro...@us...> - 2004-07-15 14:41:23
Update of /cvsroot/lxr/lxr/lib/LXR
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15328/lib/LXR
Modified Files:
Common.pm Config.pm
Log Message:
allow all special characters through http parms so we we can do rexeps. but using taint checking now and handle quotes properly in forms
Index: Common.pm
===================================================================
RCS file: /cvsroot/lxr/lxr/lib/LXR/Common.pm,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- Common.pm 13 Jul 2004 13:39:44 -0000 1.46
+++ Common.pm 15 Jul 2004 14:41:04 -0000 1.47
@@ -55,7 +55,6 @@
 $tmpcounter = 23;
-
 sub warning {
 my $c = join(", line ", (caller)[0,2]);
 print(STDERR "[",scalar(localtime),"] warning: $c: $_[0]\n");
@@ -183,11 +182,6 @@
 # Paranoia check. Regexp-searches in Glimpse won't work.
 # if ($t =~ tr/;<>*|\`&$!#()[]{}:\'\"//) {
- # Should be sufficient to keep "open" from doing unexpected stuff.
- if ($t =~ tr/<>|\"\'\`//) {
- &abortall("Illegal characters in HTTP-parameters.");
- }
-
 return($t);
 }
@@ -609,15 +603,15 @@
 } elsif ($who eq 'ident') {
 my $i = $HTTP->{'param'}->{'i'};
- return $config->sourcerootname.' identfier search'.($i ? " \"$i\"" : '');
+ return $config->sourcerootname.' identfier search'.($i ? ": $i" : '');
 } elsif ($who eq 'search') {
 my $s = $HTTP->{'param'}->{'string'};
- return $config->sourcerootname.' freetext search'.($s ? " \"$s\"" : '');
+ return $config->sourcerootname.' freetext search'.($s ? ": $s" : '');
 } elsif ($who eq 'find') {
 my $s = $HTTP->{'param'}->{'string'};
- return $config->sourcerootname.' file search'.($s ? " \"$s\"" : '');
+ return $config->sourcerootname.' file search'.($s ? ": $s" : '');
 }
 }
Index: Config.pm
===================================================================
RCS file: /cvsroot/lxr/lxr/lib/LXR/Config.pm,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- Config.pm 5 Jun 2003 15:39:15 -0000 1.27
+++ Config.pm 15 Jul 2004 14:41:04 -0000 1.28
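Review bot: In the `@@ -183,11 +182,6 @@` hunk of Common.pm the `tr/<>|\"\'\`//` rejection is deleted and nothing replaces it, so the function now returns `$t` with no check on characters that are significant to `open` or a shell. The removed comment says the check existed to keep `open` from doing unexpected things, so every consumer of these parameters that reaches `open`, a pipe or an external search command now depends entirely on taint mode being enabled and on each untaint being a real validation; those call sites are outside this hunk and should be audited. I would leave a comment at the return, e.g. `# No character filtering here: callers must validate before any open()/pipe/exec use`, and prefer three-argument `open` and list-form `system` at the point of use. The function's beginning is outside the hunk.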
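Review bot: In the `@@ -609,15 +603,15 @@` hunk of Common.pm the three title strings append `$i` / `$s` straight from `$HTTP->{'param'}`, and with this commit those parameters may carry `<`, `>`, `&` and quotes. Whether the returned title is escaped before it is written into the page is not visible here; if it is not, the value is reflected into the page as markup. Escape before concatenating, e.g. `$s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g;`, or add a comment stating that the caller must HTML-escape the result. The enclosing sub begins outside the hunk.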
@@ -79,8 +79,10 @@
 $$self{'confpath'} = $confpath;
 local($/) = undef;
+ my $config_contents = <CONFIG>;
+ $config_contents =~ /(.*)/s ; $config_contents = $1; #untaint it
 my @config = eval("\n#line 1 \"configuration file\"\n".
- <CONFIG>);
+ $config_contents);
 die($@) if $@;
 my $config;
|
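Review bot: The added `$config_contents =~ /(.*)/s ; $config_contents = $1;` is a blanket untaint: `(.*)` with `/s` accepts any content, so taint mode no longer constrains what reaches the string `eval` on the following line. That is only acceptable if the file named by `$confpath` can never be chosen or written by a request, which this hunk does not show; the comment should state that assumption, e.g. `# config file is admin-controlled Perl and is eval'd by design, so untaint wholesale`, instead of `#untaint it`. An empty or unreadable `CONFIG` yields `undef` here, so `defined $config_contents or die("cannot read configuration file");` before the match would make that failure explicit. The same wholesale pattern should not be reused for HTTP parameters, where the untaint has to be an anchored validation. The enclosing sub starts and ends outside the hunk.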