[interchange-cvs] interchange - heins modified lib/Vend/Util.pm
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Mon Dec 15 17:25:31 EST 2003
User: heins
Date: 2003-12-15 22:25:31 GMT
Modified: lib/Vend Tag: STABLE_4_8-branch Util.pm
Log:
* Fix possible SQL/code injection vector
Revision Changes Path
No revision
No revision
2.1.2.14 +8 -2 interchange/lib/Vend/Util.pm
rev 2.1.2.14, prev_rev 2.1.2.13
Index: Util.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Util.pm,v
retrieving revision 2.1.2.13
retrieving revision 2.1.2.14
diff -u -r2.1.2.13 -r2.1.2.14
--- Util.pm 24 Jan 2003 06:51:52 -0000 2.1.2.13
+++ Util.pm 15 Dec 2003 22:25:30 -0000 2.1.2.14
@@ -1,6 +1,6 @@
# Vend::Util - Interchange utility functions
#
-# $Id: Util.pm,v 2.1.2.13 2003/01/24 06:51:52 jon Exp $
+# $Id: Util.pm,v 2.1.2.14 2003/12/15 22:25:30 mheins Exp $
#
# Copyright (C) 1996-2003 Red Hat, Inc. and
# Interchange Development Group, http://www.icdevgroup.org/
@@ -75,7 +75,7 @@
use Errno;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.1.2.13 $, 10);
+$VERSION = substr(q$Revision: 2.1.2.14 $, 10);
BEGIN {
eval {
@@ -892,6 +892,12 @@
my($file, $only) = @_;
my($fn, $contents, $gate, $pathdir, $dir, $level);
local($/);
+
+ if($file =~ m{[\[<]}) {
+ ::logGlobal("Possible code/SQL injection attempt with file name '%s'", $file);
+ $file = escape_chars($file);
+ ::logGlobal("Suspect file changed to '%s'", $file);
+ }
$Global::Variable->{MV_PREV_PAGE} = $Global::Variable->{MV_PAGE}
if defined $Global::Variable->{MV_PAGE};
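Review bot: The check at the added `if($file =~ m{[\[<]})` is a two-character denylist that sanitises and continues rather than refusing the name, so any other character the caller later interpolates into tag or SQL context is still passed through unchanged, and the result of `escape_chars` is still used as a file name. Unless the escaped name is needed downstream, a positive allowlist that returns early would be the more defensive shape, e.g. `return unless $file =~ m{\A[\w./-]+\z}` ahead of the existing guard, though which characters are legitimate for this site has to be confirmed against the callers. The reason for picking exactly `[` and `<` is not stated; a comment such as `# '[' and '<' open ITL/HTML tags, so a file name containing them is treated as an injection attempt and escaped before use` would make the intent clear. The enclosing function (which reads `$file` after this point) starts before and continues past this hunk.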