From: <de...@de...> - 2017-05-07 06:42:35
Author: PeterThoeny Date: 2017-05-07 06:39:09 +0000 (Sun, 07 May 2017) New Revision: 30331 Trac url: http://develop.twiki.org/trac/changeset/30331 Modified: twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm Log: Item7809: Sanitize code -- thanks Max Justicz maxj[at]mit[dot]edu Modified: twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm =================================================================== --- twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm 2017-05-07 06:38:02 UTC (rev 30330) +++ twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm 2017-05-07 06:39:09 UTC (rev 30331) @@ -40,6 +40,9 @@ # Escape /, used as delimiter. This also blocks any attempt to use # the search string to execute programs on the server. $searchString =~ s!/!\\/!g; + # TWikibug:Item7809: Sanitize code: + $searchString =~ s/([\$\@\%]\s*)\{/\\$1\\{/g; # escape blocks + $searchString =~ s/`/\\`/g; # escape back ticks } else { # Escape non-word chars in search string for plain text search $searchString =~ s/(\W)/\\$1/g; |
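Review bot: the two added substitutions are a denylist of Perl interpolation sequences (`${`, `@{`, `%{` blocks and backticks), which only matters if `$searchString` is later interpolated into code or a string-eval'd pattern, as the existing comment about the search string being able to "execute programs on the server" implies; the more robust fix is to compile the user-supplied pattern from a plain scalar with `qr//` (for example `my $re = qr/$searchString/;`) so that sigils, braces and backticks in the data are never treated as code and none of these per-character escapes are needed. If the string-eval path is kept, the `s/([\$\@\%]\s*)\{/\\$1\\{/g` line does not account for a backslash already present in the input ahead of the sigil, so add regression tests for search strings that already contain backslashes, braces and backticks in both the regex and the plain-text branch, and expand the terse `# escape blocks` comment to say that these are interpolation blocks being neutralised, not regex syntax.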