From: Rob H. <for...@us...> - 2002-08-26 06:59:50
Update of /cvsroot/sandweb/sandweb/lib/SandWeb/Repository In directory usw-pr-cvs1:/tmp/cvs-serv17665/lib/SandWeb/Repository Modified Files: cvs.pm Log Message: adding Security class, centralizes standard security checks for user input in SandWeb
Index: cvs.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/Repository/cvs.pm,v
retrieving revision 1.31
retrieving revision 1.32
diff -U2 -r1.31 -r1.32
--- cvs.pm 17 Aug 2002 02:14:26 -0000 1.31
+++ cvs.pm 26 Aug 2002 06:59:47 -0000 1.32
@@ -28,4 +28,5 @@
 use SandWeb::Diff;
 use SandWeb::Shell;
+use SandWeb::Security;
 sub new {
@@ -210,5 +211,5 @@
 my %params = @{ $args{'params'}[0] };
 my $recurse = $params{'recurse'};
- my $message = $params{'message'};
+ my $unsafe_message = $params{'message'};
 my $rev = $params{'rev'};
 my $date = $params{'date'};
@@ -224,10 +225,14 @@
 my %return;
- if (!$message) {
+ if (!$unsafe_message) {
 $output = "There must be a commit message.\n";
 } else {
- # Security check - escape unsafe characters
- $message =~ s/([\<\>\\\&;\`\'\|\"*\?\~\^\(\)\[\]\{\}\$])/\\$1/g;
+ # Security check
+ my $secure = SandWeb::Security->new();
+
+ my $message = $secure->shell(
+ characters => "$unsafe_message"
+ );
 push @param, " -m \"$message\"";
@@ -558,7 +563,14 @@
 my $force = $params{'force'};
 my $check = $params{'check'};
- my $name = $params{'name'};
+ my $unsafe_name = $params{'name'};
 my $file = $params{'file'};
+ # Security check
+ my $secure = SandWeb::Secure->new();
+
+ my $name = $secure->shell(
+ characters => "$unsafe_name"
+ );
+
 my @param = 'tag';
@@ -573,7 +585,4 @@
 $log->debug("Params: @param");
 $log->debug("File: $file");
-
- # Security check - escape unsafe characters
- $name =~ s/([\<\>\\\&;\`\'\|\"*\?\~\^\(\)\[\]\{\}\$])/\\$1/g;
 my %return = $self->shell( |
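Review bot: The escaped value is still interpolated into a double-quoted shell word at `push @param, " -m \"$message\"";` in the `-224,10` hunk, so safety rests on `$secure->shell(...)` escaping exactly what that quoting context needs, and its body is not part of this diff. If it backslash-escapes the same set as the removed regex, characters such as `;` or `(` keep their backslash inside double quotes under POSIX sh and end up literally in the log message, and newline was not in that set. Keeping the message out of the command string is sturdier: write it to a temporary file and pass `-F`, or give the executor an argument list instead of one string. `characters => "$unsafe_message"` needs no quotes; `characters => $unsafe_message` is enough. The enclosing sub starts and ends outside the hunk.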
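Review bot: `SandWeb::Secure->new()` in the `-558,7` hunk names a package this commit does not import; the first hunk adds `use SandWeb::Security;` and the commit path calls `SandWeb::Security->new()`. Unless a `SandWeb::Secure` package is defined elsewhere, the tag path will die at that line, so it should read `my $secure = SandWeb::Security->new();`. The check also runs unconditionally here, unlike the commit path, so a missing `name` is interpolated as undef in `"$unsafe_name"`; pass `$unsafe_name` unquoted and decide explicitly what an empty tag name should do. `$file` is read in the same hunk without going through the check, and whether it reaches the shell is not visible in the lines shown. The enclosing sub starts and ends outside the hunk.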