Author: PeterThoeny
Date: 2017-05-07 06:39:09 +0000 (Sun, 07 May 2017)
New Revision: 30331
Trac url: http://develop.twiki.org/trac/changeset/30331
Modified:
twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm
Log:
Item7809: Sanitize code -- thanks Max Justicz maxj[at]mit[dot]edu
Modified: twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm
===================================================================
--- twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm 2017-05-07 06:38:02 UTC (rev 30330)
+++ twiki/branches/TWikiRelease06x00/core/lib/TWiki/Store/SearchAlgorithms/PurePerl.pm 2017-05-07 06:39:09 UTC (rev 30331)
@@ -40,6 +40,9 @@
# Escape /, used as delimiter. This also blocks any attempt to use
# the search string to execute programs on the server.
$searchString =~ s!/!\\/!g;
+ # TWikibug:Item7809: Sanitize code:
+ $searchString =~ s/([\$\@\%]\s*)\{/\\$1\\{/g; # escape blocks
+ $searchString =~ s/`/\\`/g; # escape back ticks
} else {
# Escape non-word chars in search string for plain text search
$searchString =~ s/(\W)/\\$1/g;
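Review bot: the two added substitutions are a denylist (`${`, `@{`, `%{` and backticks), which only makes sense if `$searchString` is still interpolated into source that is later evaluated as Perl; a denylist like this is hard to keep complete, so the robust fix is to stop evaluating user input as code at all (for example, compile the pattern with `qr/$searchString/` from a plain variable, where the string's contents are never re-parsed as Perl) and keep this escaping only as defence in depth. The existing comment in the context lines, "This also blocks any attempt to use the search string to execute programs on the server", is contradicted by this very change and should be corrected in the same commit. Also worth adding a regression test that feeds a search string containing `${`, `@{`, `% {` (with whitespace, since `\s*` is matched) and a backtick and asserts that the search runs as a literal match rather than executing anything.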