Update of /cvsroot/sandweb/sandweb/lib/SandWeb/Repository
In directory usw-pr-cvs1:/tmp/cvs-serv17665/lib/SandWeb/Repository
Modified Files:
cvs.pm
Log Message:
adding Security class, centralizes standard security checks for user input in SandWeb
Index: cvs.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/Repository/cvs.pm,v
retrieving revision 1.31
retrieving revision 1.32
diff -U2 -r1.31 -r1.32
--- cvs.pm 17 Aug 2002 02:14:26 -0000 1.31
+++ cvs.pm 26 Aug 2002 06:59:47 -0000 1.32
@@ -28,4 +28,5 @@
use SandWeb::Diff;
use SandWeb::Shell;
+use SandWeb::Security;
sub new {
@@ -210,5 +211,5 @@
my %params = @{ $args{'params'}[0] };
my $recurse = $params{'recurse'};
- my $message = $params{'message'};
+ my $unsafe_message = $params{'message'};
my $rev = $params{'rev'};
my $date = $params{'date'};
@@ -224,10 +225,14 @@
my %return;
- if (!$message) {
+ if (!$unsafe_message) {
$output = "There must be a commit message.\n";
} else {
- # Security check - escape unsafe characters
- $message =~ s/([\<\>\\\&;\`\'\|\"*\?\~\^\(\)\[\]\{\}\$])/\\$1/g;
+ # Security check
+ my $secure = SandWeb::Security->new();
+
+ my $message = $secure->shell(
+ characters => "$unsafe_message"
+ );
push @param, " -m \"$message\"";
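Review bot: The escaped message is still interpolated into a double-quoted shell fragment at `push @param, " -m \"$message\"";`, so correctness and safety both depend on `SandWeb::Security::shell` producing output meant for that exact quoting context, and its implementation is not visible in this diff. If it keeps the backslash-escaping of the removed regex, a POSIX shell leaves the backslash in place before characters such as `<`, `|` or `(` inside double quotes, so those commit messages would be recorded with stray backslashes. Consider documenting on `shell()` which quoting context its result is valid in, or passing the message to cvs as its own argument without a shell string if `SandWeb::Shell` allows that. The quotes in `characters => "$unsafe_message"` only stringify and can be dropped: `characters => $unsafe_message`. The enclosing sub starts and ends outside the hunk.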
@@ -558,7 +563,14 @@
my $force = $params{'force'};
my $check = $params{'check'};
- my $name = $params{'name'};
+ my $unsafe_name = $params{'name'};
my $file = $params{'file'};
+ # Security check
+ my $secure = SandWeb::Secure->new();
+
+ my $name = $secure->shell(
+ characters => "$unsafe_name"
+ );
+
my @param = 'tag';
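Review bot: `SandWeb::Secure->new()` names a package this commit does not import; the added `use` line and the commit-message hunk both use `SandWeb::Security`. Unless a `SandWeb::Secure` package exists outside this diff, the call fails at runtime as soon as the tag code path is reached, and it should read `my $secure = SandWeb::Security->new();`. Unlike the commit path, which tests `if (!$unsafe_message)` first, no check that `$unsafe_name` is defined is visible before it is stringified and passed to `shell()`. A guard that rejects an empty tag name before sanitizing would make the two paths consistent. The enclosing sub starts and ends outside the hunk.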
@@ -573,7 +585,4 @@
$log->debug("Params: @param");
$log->debug("File: $file");
-
- # Security check - escape unsafe characters
- $name =~ s/([\<\>\\\&;\`\'\|\"*\?\~\^\(\)\[\]\{\}\$])/\\$1/g;
my %return = $self->shell(