remove quotemeta everywhere, and make sure variables are safe before using them. Closes: #1003

Antoine Beaupré 2006-11-29 04:02:41 +00:00
parent b18b83004e
commit 354e38675b
5 changed files with 8 additions and 8 deletions


@ -13,7 +13,7 @@ if (!$mailname || !$uid) {
$ENV{PATH} = "";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
if (!($mailname =~ /^([a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
if (!($mailname =~ /^([a-z0-9_\+\.][a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
die "Email is incorrect.";
}
$mailname=$1;
@ -37,7 +37,7 @@ my @todo=(
foreach(@todo) {
mkdir($_);
system("/bin/chown 33:$uid '".quotemeta($_)."'");
system("/bin/chown 33:$uid '$_'");
}
0;
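Review bot: The new `system("/bin/chown 33:$uid '$_'")` still hands a single interpolated string to /bin/sh, so the only thing keeping a quote or shell metacharacter out of the command line is the pattern check earlier in the script; the same applies to the `rm -rf`, `quota_edit.sh` and `quota_get.sh` calls in the other four files of this commit. Dropping quotemeta is right, since the shell keeps the added backslashes literally inside single quotes, but the list form avoids the shell altogether: `system('/bin/chown', "33:$uid", $_);`. The validation of `$uid` and the construction of `@todo` lie outside the hunk, so it cannot be confirmed from here that every interpolated value is covered by a check. `mkdir($_)` is also unchecked, so a failed mkdir goes straight on to chown.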


@ -13,7 +13,7 @@ if (!$mailname) {
$ENV{PATH} = "";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
if (!($mailname =~ /^([a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
if (!($mailname =~ /^([a-z0-9_\+-][a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
die "Email is incorrect.";
}
$mailname=$1;
@ -21,7 +21,7 @@ $mailname=$1;
$< = $>;
$( = $);
system("/bin/rm -rf '".quotemeta("/var/alternc/mail/".substr($mailname,0,1)."/".$mailname)."'");
system("/bin/rm -rf '/var/alternc/mail/".substr($mailname,0,1)."/".$mailname."'");
0;
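Review bot: The first-character class added here, `[a-z0-9_\+-]`, rejects a leading `.` but accepts a leading `-`, while the one added in the previous file, `[a-z0-9_\+\.]`, does the opposite. If the two scripts are the create and delete sides of the same mailbox (file names are not shown, so this is inferred from the mkdir and rm calls), a name accepted by one is refused by the other. Both new patterns also require at least two characters before the `_`, so a one-character name part that the old pattern accepted now dies with "Email is incorrect.". A single shared pattern such as `/^([a-z0-9_\+][a-z0-9_\+\.-]*\_[a-z0-9\.-]+)$/` would keep the scripts in step and keep one-character names valid.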


@ -13,7 +13,7 @@ if (!$name) {
$ENV{PATH} = "";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
if (!($name =~ /^([a-z0-9_\+\.-]+)$/)) {
if (!($name =~ /^([a-z0-9]+)$/)) {
die "Account name is incorrect.";
}
$name=$1;
@ -23,6 +23,6 @@ $( = $);
my $PTH="/var/alternc/html/".substr($name,0,1)."/".$name;
system("/bin/rm -rf '".quotemeta($PTH)."'");
system("/bin/rm -rf '$PTH'");
0;
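Review bot: The result of `system("/bin/rm -rf '$PTH'")` is discarded and the script then ends on `0;`, so whatever invoked it cannot tell a failed or partial removal from success. Checking the status would surface that, for example `system('/bin/rm', '-rf', $PTH) == 0 or die "rm failed: $?";`, which also keeps the path out of the shell. The tightened `[a-z0-9]+` pattern means an account whose name contains `_`, `+`, `.` or `-` can no longer be removed by this script, so it is worth confirming that no such accounts exist.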


@ -26,7 +26,7 @@ $size=$1;
$< = $>;
$( = $);
my $PTH="/usr/lib/alternc/quota_edit.sh '".quotemeta($uid)."' '".quotemeta($size)."'";
my $PTH="/usr/lib/alternc/quota_edit.sh '$uid' '$size'";
system($PTH);


@ -21,7 +21,7 @@ $uid=$1;
$< = $>;
$( = $);
my $PTH="/usr/lib/alternc/quota_get.sh '".quotemeta($uid)."'";
my $PTH="/usr/lib/alternc/quota_get.sh '$uid'";
system($PTH);