[interchange-cvs] interchange - heins modified lib/Vend/Util.pm
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Mon Dec 15 17:55:01 EST 2003
User: heins
Date: 2003-12-15 22:55:01 GMT
Modified: lib/Vend Tag: STABLE_5_0-branch Util.pm
Log:
* Backport fix for possible file security problem with code/SQL injection.
Revision Changes Path
No revision
No revision
2.64.2.1 +8 -2 interchange/lib/Vend/Util.pm
rev 2.64.2.1, prev_rev 2.64
Index: Util.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Util.pm,v
retrieving revision 2.64
retrieving revision 2.64.2.1
diff -u -r2.64 -r2.64.2.1
--- Util.pm 4 Aug 2003 05:01:37 -0000 2.64
+++ Util.pm 15 Dec 2003 22:55:00 -0000 2.64.2.1
@@ -1,6 +1,6 @@
# Vend::Util - Interchange utility functions
#
-# $Id: Util.pm,v 2.64 2003/08/04 05:01:37 mheins Exp $
+# $Id: Util.pm,v 2.64.2.1 2003/12/15 22:55:00 mheins Exp $
#
# Copyright (C) 2002-2003 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
@@ -87,7 +87,7 @@
use Vend::File;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.64 $, 10);
+$VERSION = substr(q$Revision: 2.64.2.1 $, 10);
my $Eval_routine;
my $Eval_routine_file;
@@ -1024,6 +1024,12 @@
my($fn, $contents, $gate, $pathdir, $dir, $level);
local($/);
+
+ if($file =~ m{[\[<]}) {
+ ::logGlobal("Possible code/SQL injection attempt with file name '%s'", $file);
+ $file = escape_chars($file);
+ ::logGlobal("Suspect file changed to '%s'", $file);
+ }
$Global::Variable->{MV_PREV_PAGE} = $Global::Variable->{MV_PAGE}
if defined $Global::Variable->{MV_PAGE};
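Review bot: The guard added at the top of this hunk is a two-character denylist that repairs the name and carries on: a `$file` containing `[` or `<` is logged as a possible injection attempt, rewritten with `escape_chars`, and then used by whatever follows in the routine. Nothing in the hunk says why these two characters are the trigger or where the name is later interpreted, so a comment above the `if` would help, for example `# '[' and '<' can open tags/markup; a file name must not carry them into later interpolation` (the reason is inferred here, please confirm it against the callers). If callers can tolerate it, failing closed right after the first log line with a bare `return;` would be easier to reason about than continuing with an escaped variant, though the return contract is not visible in the hunk. The first `::logGlobal` call also writes the unescaped name, so any control characters in it reach the global log unless `logGlobal` filters them; logging only the escaped form would avoid that. The enclosing sub starts and ends outside the hunk.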