Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. commits
svn commit: r1891283 - /spamassassin/trunk/masses/rule-qa/automc/ruleqa.cgi
hege at apache
Jul 5, 2021, 5:47 AM
Post #1 of 1 (55 views)
Permalink
Author: hege
Date: Mon Jul 5 12:47:06 2021
New Revision: 1891283

URL: http://svn.apache.org/viewvc?rev=1891283&view=rev
Log:
Sanitize parameters

Modified:
spamassassin/trunk/masses/rule-qa/automc/ruleqa.cgi

Modified: spamassassin/trunk/masses/rule-qa/automc/ruleqa.cgi
URL: http://svn.apache.org/viewvc/spamassassin/trunk/masses/rule-qa/automc/ruleqa.cgi?rev=1891283&r1=1891282&r2=1891283&view=diff
==============================================================================
--- spamassassin/trunk/masses/rule-qa/automc/ruleqa.cgi (original)
+++ spamassassin/trunk/masses/rule-qa/automc/ruleqa.cgi Mon Jul 5 12:47:06 2021
@@ -239,6 +239,7 @@ sub ui_get_rules {

# which rules?
$self->{rule} = $self->{q}->param('rule') || '';
+ $self->{rule} =~ s/[^_0-9a-zA-Z\/]//gs; # Sanitize
$self->{rules_all} = 0;
$self->{rules_grep} = 0;
$self->{nicerule} = $self->{rule};
@@ -250,7 +251,9 @@ sub ui_get_rules {
}

$self->{srcpath} = $self->{q}->param('srcpath') || '';
+ $self->{srcpath} =~ s/[^.,_0-9a-zA-Z\/-]//gs; # Sanitize
$self->{mtime} = $self->{q}->param('mtime') || '';
+ $self->{mtime} =~ s/[^0-9]//gs; # Sanitize

$self->{freqs}{head} = { };
$self->{freqs}{data} = { };

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal