From: Rob H. <for...@us...> - 2002-08-17 02:14:47
Update of /cvsroot/sandweb/sandweb/lib/SandWeb/Repository
In directory usw-pr-cvs1:/tmp/cvs-serv19875/lib/SandWeb/Repository
Modified Files:
cvs.pm
Log Message:
check for bad shell characters and escape them, for commit() and tag() methods ( the only ones that accept user input)
Index: cvs.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/Repository/cvs.pm,v
retrieving revision 1.30
retrieving revision 1.31
diff -U2 -r1.30 -r1.31
--- cvs.pm 16 Aug 2002 23:19:04 -0000 1.30
+++ cvs.pm 17 Aug 2002 02:14:26 -0000 1.31
@@ -227,5 +227,9 @@
 $output = "There must be a commit message.\n";
 } else {
- push @param, " -m '$message'";
+
+ # Security check - escape unsafe characters
+ $message =~ s/([\<\>\\\&;\`\'\|\"*\?\~\^\(\)\[\]\{\}\$])/\\$1/g;
+
+ push @param, " -m \"$message\"";
 if ($log) {
 $log->debug("Performing commit operation");
@@ -569,4 +573,7 @@
 $log->debug("Params: @param");
 $log->debug("File: $file");
+
+ # Security check - escape unsafe characters
+ $name =~ s/([\<\>\\\&;\`\'\|\"*\?\~\^\(\)\[\]\{\}\$])/\\$1/g;
 my %return = $self->shell( |
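Review bot: Inside the double quotes added on `push @param, " -m \"$message\"";`, POSIX sh keeps a backslash literally unless it precedes `$`, `` ` ``, `"`, `\` or newline, so most of the characters the new substitution escapes (`'`, `(`, `)`, `*`, `?`, `[`, `;`, …) reach cvs with the backslash still attached and end up in the stored log message — a message `fix (bug)` is committed as `fix \(bug\)`. Because the substitution also rewrites `$message` in place, any later use of it inside commit() sees the escaped text. A smaller and exact quoting rule is single quotes with only `'` handled: `(my $quoted = $message) =~ s/'/'\\''/g;` followed by `push @param, " -m '$quoted'";`, which should be confirmed against how `$self->shell` runs `@param`, since that code is not visible here. If `shell()` can take a list and invoke `system`/`exec` in list form, passing `-m` and `$message` as separate arguments avoids shell parsing altogether and makes the escaping unnecessary; the same applies to `$name` in the second hunk, where an anchored allowlist check on the tag name would be simpler than escaping. commit()'s body begins and ends outside this hunk.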