From: <de...@de...> - 2017-05-07 06:41:31
Author: PeterThoeny Date: 2017-05-07 06:38:02 +0000 (Sun, 07 May 2017) New Revision: 30330 Trac url: http://develop.twiki.org/trac/changeset/30330 Modified: twiki/trunk/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm Log: Item7809: Sanitize code -- thanks Max Justicz maxj[at]mit[dot]edu Modified: twiki/trunk/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm =================================================================== --- twiki/trunk/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm 2017-04-11 21:41:14 UTC (rev 30329) +++ twiki/trunk/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm 2017-05-07 06:38:02 UTC (rev 30330) @@ -40,6 +40,9 @@ # Escape /, used as delimiter. This also blocks any attempt to use # the search string to execute programs on the server. $searchString =~ s!/!\\/!g; + # TWikibug:Item7809: Sanitize code: + $searchString =~ s/([\$\@\%]\s*)\{/\\$1\\{/g; # escape blocks + $searchString =~ s/`/\\`/g; # escape back ticks } else { # Escape non-word chars in search string for plain text search $searchString =~ s/(\W)/\\$1/g; |
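Review bot: The three added substitutions, like the existing "/" escape two lines above them, prepend a backslash without first dealing with backslashes already present in the search string, so the escaping the comment relies on ("blocks any attempt to use the search string to execute programs on the server") can be undone by the input itself: "\/" becomes "\\/", which is an escaped backslash followed by a bare "/" delimiter, and "\`" becomes "\\`" in the same way. Of the three new escapes, only the "${" and "@{" cases address Perl string interpolation; "%{" does not interpolate in a double-quoted string or pattern, and a backtick is only executed when it ends up in code position, not inside a pattern. Conversely, "[\$\@\%]\s*\{" does not catch a "$" followed by an identifier (for example "$0" or "$ENV{...}"), which still interpolates. Suggest one of two changes: escape backslashes first ("$searchString =~ s/\\/\\\\/g;") before the sigil and delimiter escapes, noting that this breaks legitimate regex searches such as "\d"; or, preferably, stop treating the user string as code text and compile it with "qr/$searchString/", where a variable's contents are inserted as pattern characters and are not re-interpolated, so "@{[ ... ]}" in the value is just literal text and the token-by-token escaping becomes unnecessary. Minor: the comment "# escape blocks" is terse; say that the target is "${...}"/"@{...}" interpolation so the next reader knows why "%" is included.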