From m...@hyperreal.org
Subject cvs commit: apache-site bugdb.cgi
Date Fri, 08 Oct 1999 23:40:07 GMT
marc        99/10/08 16:40:06

  Modified:    .        bugdb.cgi
  Log:
  Ensure that we validate all input from the user before we pass it
  to any command lines.  If it doesn't look safe, die.  This list
  may be too restrictive in certain cases, but if so it can be dealt
  with.
  
  Revision  Changes    Path
  1.44      +15 -1     apache-site/bugdb.cgi
  
  Index: bugdb.cgi
  ===================================================================
  RCS file: /export/home/cvs/apache-site/bugdb.cgi,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- bugdb.cgi	1999/10/08 17:33:11	1.43
  +++ bugdb.cgi	1999/10/08 23:40:06	1.44
  @@ -1,9 +1,10 @@
  -#!/usr/local/bin/perl
  +#!/usr/local/bin/perl -T
   # wwwgnats.pl - a WWW interface to the GNATS bug tracking system
   # Thanks to Larry Wall, CERN, and NCSA for Perl, WWW, and Mosaic!
   
   require "/usr/local/lib/gnats/libgnats.pl";
   use POSIX;
  +$ENV{PATH}="/bin:/usr/bin:/usr/local/bin";
   
   #### Configuration begins here
   
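Review bot: The `$ENV{PATH}` assignment fixes the lookup path, but with the `-T` switch now on the `#!` line the other environment variables a spawned shell reads are still taken from the web server; the usual companion line is `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` directly after the PATH assignment. `-T` on the shebang only takes effect when the interpreter is started through that line — if the server runs the script as `perl bugdb.cgi` Perl aborts with "Too late for -T" — so it is worth confirming how the CGI is invoked. A one-line comment on the PATH line such as `# -T requires an explicit, trusted PATH before any command is run` would explain why it sits before the configuration section.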
  @@ -369,6 +370,15 @@
       return $str;
   }
   
  +sub check_unsafe
  +{
  +    local($str) = $_[0];
  +    unless($str =~ /^[\w@\.\- ]+$/) {
  +	print "<FONT COLOR=\"red\">INVALID INPUT: $str</FONT>\n";
  +	die("$0: invalid character (breakin attempt?) in \"$str\"");
  +    }
  +}
  +
   # Make text safe to display in an HTML stream
   sub html_escape
   {
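Review bot: check_unsafe echoes the rejected `$str` verbatim into the HTML response even though the file's html_escape (defined directly below) exists for that purpose; the message should be `print "<FONT COLOR=\"red\">INVALID INPUT: " . &html_escape($str) . "</FONT>\n";`. Two further points on the same pattern: `$` matches before a trailing newline, so `\A`/`\z` are the stricter anchors, and under the `-T` switch added in the first hunk a bare match does not untaint — only assignment from a capture does — so if `$opts` is later passed to a shell, as the log message suggests, Perl will still refuse it as an insecure dependency. Returning the captured value lets each caller launder in one step (`$oldval = &check_unsafe($oldval);`); that rewrite is sketched below. `local($str) = $_[0];` would also be better as `my ($str) = @_;`.
```perl
sub check_unsafe
{
    my ($str) = @_;
    # Return the captured value: under -T only a regex capture untaints,
    # and \A/\z (unlike ^/$) also reject a trailing newline.
    if ($str =~ /\A([\w@\.\- ]+)\z/) {
	return $1;
    }
    print "<FONT COLOR=\"red\">INVALID INPUT: " . &html_escape($str) . "</FONT>\n";
    die("$0: invalid character (breakin attempt?) in \"$str\"");
}
```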
  @@ -1223,6 +1233,7 @@
   		$oldval = "nobody|^\$";
   	    }
   	    # Convert this key into a query-pr option
  +	    &check_unsafe($oldval);
   	    $opts = " --originator=\"$oldval\"";
   	    # The originator cares about bugs which are in feedback state.
   	    $opts .= " --state=\"feedback\"";
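Review bot: The new `&check_unsafe($oldval);` also runs on the script's own fallback `$oldval = "nobody|^\$";` from the lines just above, and `|`, `^` and `$` are outside the `[\w@\.\- ]` class, so that branch now dies with a "breakin attempt" message for a value the program itself supplied. Validating the user-supplied value before the fallback is assigned would keep the character class restrictive without rejecting the default; the enclosing block starts outside this hunk, so the exact insertion point is inferred.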
  @@ -1242,6 +1253,7 @@
   	}
   	if ($nickname ne "") {
   	    # Convert this key into a query-pr option
  +	    &check_unsafe($nickname);
   	    $opts = " --responsible=\"$nickname\"";
   	    # Responsible person cares about bugs which are open or analyzed.
   	    $opts .= " --state=\"open|analyzed\"";
  @@ -1267,6 +1279,8 @@
   		# (Our database sometimes puts underscores instead of spaces).
   		$oldval =~ s/[\s_]/[ _]/g;
   		# Convert this key into a query-pr option
  +		&check_unsafe($oldkey);
  +		&check_unsafe($oldval);
   		$opts .= " --$oldkey=\"$oldval\"";
   	    }
   	}
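Review bot: `&check_unsafe($oldval);` runs after `$oldval =~ s/[\s_]/[ _]/g;`, which rewrites every space or underscore into the bracket class `[ _]`; `[` and `]` are not in check_unsafe's allowed set, so any value containing a space or underscore — the case the comment above says the database produces — is now rejected as a break-in attempt. Move the check ahead of the substitution so the raw value is validated and the generated class is left alone: `&check_unsafe($oldval);` immediately before the `s/[\s_]/[ _]/g` line. The loop containing these lines starts outside the hunk.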
  
  
  
