[Bug 14408] Path traversal vulnerabilty
23 Jun
2015
23 Jun
'15
1:54 p.m.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408 --- Comment #27 from Jonathan Druart <jonathan.druart@biblibre.com> --- (In reply to Fridolin SOMERS from comment #26)
also, minor error : dot must be espaced in regexp and I dont understand why there is a "?" at the end : ^[$safe_chars]+\.tt$
Do I create a new Bug ?
Chris, I would say this changes could do the trick: - die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+.tt?$/ig; #sanitize input + die "bad template path" unless $in->{'template_name'} =~ m/^[$safe_chars]+\.tt$/ig; #sanitize input -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
4040
Age (days ago)
4040
Last active (days ago)
0 comments
1 participants
participants (1)
-
bugzilla-daemon@bugs.koha-community.org