Update of /cvsroot/sandweb/sandweb/lib/SandWeb
In directory usw-pr-cvs1:/tmp/cvs-serv18467
Modified Files:
Browse.pm
Log Message:
fixed security prob reported by njennings
Index: Browse.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/Browse.pm,v
retrieving revision 1.29
retrieving revision 1.30
diff -U2 -r1.29 -r1.30
--- Browse.pm 2002/01/23 21:04:47 1.29
+++ Browse.pm 2002/01/26 22:12:24 1.30
@@ -61,6 +61,7 @@
if ($path) {
- # Security check, no "/.." allowed mister!
+ # Security check, no "/.." or "../" allowed mister!
$path =~ s:/\.\.::g;
+ $path =~ s:\.\./::g;
$location = $path;
} else {
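Review bot: The two substitutions on $path (`s:/\.\.::g` and the added `s:\.\./::g`) delete traversal sequences in a single pass instead of rejecting the path, so the check is still incomplete. A $path that is exactly `..` matches neither pattern, and deleting a match can join the characters on either side of it into a new `..` component that is never re-checked. Suggest replacing both lines with validation: split $path on `/` and refuse the request if any component equals `..`, or canonicalize the resulting location and confirm it still sits under the intended base directory before assigning $location. The comment above the check should then say that such paths are rejected rather than stripped.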