Update of /cvsroot/sandweb/sandweb/lib/SandWeb
In directory sc8-pr-cvs1:/tmp/cvs-serv2778/lib/SandWeb
Modified Files:
Security.pm
Log Message:
fixed security problem, only way around it apparently is to not allow " :(
Index: Security.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/Security.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -U2 -r1.4 -r1.5
--- Security.pm 14 Jan 2003 07:25:01 -0000 1.4
+++ Security.pm 11 Feb 2003 06:37:23 -0000 1.5
@@ -181,4 +181,7 @@
my $characters = $args{'characters'};
+ # Security check - erase forbidden characters
+ $characters =~ s/\"//g;
+
# Security check - escape unsafe characters
$characters =~ s/([\<\>\\\&;\`\'\|\"*\?\~\^\(\)\[\]\{\}\$])/\\$1/g;
|
