Changeset 7922

Timestamp:

2004-08-10T11:21:08+12:00 (20 years ago)

Author:

davidb

Message:

Improved checking of cgi arguments.

File:

• trunk/gsdl/cgi-bin/launch (modified) (3 diffs)

trunk/gsdl/cgi-bin/launch

@@ -35 +35 @@
     # ensure only alpha-numeric plus a few other special chars
 
-    $val =~ s/[^[:alnum:]@\.\/\-]//g if (defined $val); 
+    $val =~ s/[^[:alnum:]@\.\/\- :]//g if (defined $val); 
 
     return $val;
@@ -50 +50 @@
     foreach my $k ( @arg_keys ) {
     my $arg_val = clean_param($cgi,$k);
-    # ensure only alphanumeric, plus a few special chars
-    $arg_val = safe_val($arg_val);
-    $cmd .= " -$k $arg_val"
+    if ($k eq "about") {
+        # special case (allow most things, but not quotes)
+        $arg_val =~ s/\"/"/g;
+    }
+    else {
+        # ensure only alphanumeric, plus a few special chars
+        $arg_val = safe_val($arg_val);
+    }
+    $cmd .= " -$k";
+    if ($arg_val ne "") {
+        $cmd .= " \"$arg_val\"";
+    }
     }
 
@@ -93 +102 @@
     if (defined $col) {
         chdir("collect/$col");
-        `rm -rf index/*; cp -r building/. index/.`;
+        `rm -rf index; cp -r building index`;
         chdir("../..");
     }