From 354e38675b5c2e0e97212193e008bf603688f516 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?=
Date: Wed, 29 Nov 2006 04:02:41 +0000
Subject: [PATCH] remove quotemeta everywhere, and make sure variables are safe before using them. Closes: #1003
---
 src/mail_add | 4 ++--
 src/mail_del | 4 ++--
 src/mem_del | 4 ++--
 src/quota_edit | 2 +-
 src/quota_get | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/mail_add b/src/mail_add
index 5f4ece4d..c6856fec 100755
--- a/src/mail_add
+++ b/src/mail_add
@@ -13,7 +13,7 @@ if (!$mailname || !$uid) {
 $ENV{PATH} = "";
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-if (!($mailname =~ /^([a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
+if (!($mailname =~ /^([a-z0-9_\+\.][a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
 die "Email is incorrect.";
 }
 $mailname=$1;
@@ -37,7 +37,7 @@ my @todo=(
 foreach(@todo) {
 mkdir($_);
- system("/bin/chown 33:$uid '".quotemeta($_)."'");
+ system("/bin/chown 33:$uid '$_'");
 }
 0;
diff --git a/src/mail_del b/src/mail_del
index d36f1070..f590020a 100755
--- a/src/mail_del
+++ b/src/mail_del
@@ -13,7 +13,7 @@ if (!$mailname) {
 $ENV{PATH} = "";
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-if (!($mailname =~ /^([a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
+if (!($mailname =~ /^([a-z0-9_\+-][a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
 die "Email is incorrect.";
 }
 $mailname=$1;
@@ -21,7 +21,7 @@ $mailname=$1;
 $< = $>;
 $( = $);
-system("/bin/rm -rf '".quotemeta("/var/alternc/mail/".substr($mailname,0,1)."/".$mailname)."'");
+system("/bin/rm -rf '/var/alternc/mail/".substr($mailname,0,1)."/".$mailname."'");
 0;
diff --git a/src/mem_del b/src/mem_del
index ecc874fe..500352eb 100755
--- a/src/mem_del
+++ b/src/mem_del
@@ -13,7 +13,7 @@ if (!$name) {
 $ENV{PATH} = "";
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-if (!($name =~ /^([a-z0-9_\+\.-]+)$/)) {
+if (!($name =~ /^([a-z0-9]+)$/)) {
 die "Account name is incorrect.";
 }
 $name=$1;
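Review bot: The two tightened `$mailname` patterns disagree on the first character: the one in src/mail_add drops `-` but still allows `.`, while the one in src/mail_del drops `.` but still allows `-`, so a name accepted by one script can be rejected by the other. Both also now require at least two characters before the `_`, because the new leading class is followed by a class with `+`; a one-character local part such as `a_example.org` (constructed sample) passed the old pattern and now dies with "Email is incorrect.". If that is not intended, I would use one shared pattern in both files, for example `/\A([a-z0-9_\+][a-z0-9_\+\.-]*\_[a-z0-9\.-]+)\z/`, with a one-line comment stating which leading characters are refused and why.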
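Review bot: With quotemeta removed, `system("/bin/chown 33:$uid '$_'")` in src/mail_add is still a single string handed to /bin/sh, so its safety now rests entirely on validation that this hunk does not show: `$uid` is interpolated unquoted and its check lies outside the hunk, as does the construction of `@todo`. The list form never invokes a shell and makes the quoting question disappear: `system("/bin/chown", "33:$uid", $_) == 0 or die "chown failed for $_: $?";`. The same applies to the `rm -rf` calls in src/mail_del and src/mem_del and to the `$PTH` command strings in src/quota_edit and src/quota_get, e.g. `system("/bin/rm", "-rf", $PTH)` and `system("/usr/lib/alternc/quota_edit.sh", $uid, $size)`. The return value of `mkdir($_)` is also ignored, so a failed mkdir goes unnoticed before the chown.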
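Review bot: Narrowing the account-name pattern in src/mem_del to `[a-z0-9]+` means an existing account whose name contains `_`, `+`, `.` or `-` can no longer be removed by this script; whether such accounts exist depends on what the creation path allowed, which this patch does not show. If the restriction is deliberate, a comment above the check such as `# account names are lowercase alphanumerics only; must match the rule used at creation` would record it. Anchoring with `\A` and `\z` instead of `^` and `$` would also reject a trailing newline outright rather than relying on the capture to drop it.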
@@ -23,6 +23,6 @@ $( = $);
 my $PTH="/var/alternc/html/".substr($name,0,1)."/".$name;
-system("/bin/rm -rf '".quotemeta($PTH)."'");
+system("/bin/rm -rf '$PTH'");
 0;
diff --git a/src/quota_edit b/src/quota_edit
index f21cb352..a186c780 100755
--- a/src/quota_edit
+++ b/src/quota_edit
@@ -26,7 +26,7 @@ $size=$1;
 $< = $>;
 $( = $);
-my $PTH="/usr/lib/alternc/quota_edit.sh '".quotemeta($uid)."' '".quotemeta($size)."'";
+my $PTH="/usr/lib/alternc/quota_edit.sh '$uid' '$size'";
 system($PTH);
diff --git a/src/quota_get b/src/quota_get
index 34c6dc11..ba816eb3 100755
--- a/src/quota_get
+++ b/src/quota_get
@@ -21,7 +21,7 @@ $uid=$1;
 $< = $>;
 $( = $);
-my $PTH="/usr/lib/alternc/quota_get.sh '".quotemeta($uid)."'";
+my $PTH="/usr/lib/alternc/quota_get.sh '$uid'";
 system($PTH);