kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

use same regexp for allowed usernames as in the php code 

(m_admin::add_mem())

do not quote_meta in shell command, since all variables are now
considered safe

see #998
see #427
This commit is contained in:
Antoine Beaupré 2006-11-28 00:56:51 +00:00
parent c6109e63ea
commit 6e63ed701b
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/mem_add
View File

@ -13,7 +13,7 @@ if (!$name || !$uid) {
$ENV{PATH} = "";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
if (!($name =~ /^([a-z0-9_\+\.-]+)$/)) {
if (!($name =~ /^([a-z0-9]+)$/)) {
die "Account name is incorrect.";
}
$name=$1;
@ -28,8 +28,8 @@ $( = $);
my $PTH="/var/alternc/html/".substr($name,0,1)."/".$name;
mkdir($PTH);
system("/bin/chown 33:$uid '".quotemeta($PTH)."'");
system("/bin/chmod 02770 '".quotemeta($PTH)."'");
system("/bin/chown 33:$uid '$PTH'");
system("/bin/chmod 02770 '$PTH'");
0;