[Koha-bugs] [Bug 14408] Path traversal vulnerability
bugzilla-daemon at bugs.koha-community.org
Tue Jun 23 13:54:55 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408
--- Comment #27 from Jonathan Druart <jonathan.druart at biblibre.com> ---
(In reply to Fridolin SOMERS from comment #26)
> also, minor error :
> dot must be escaped in regexp and I don't understand why there is a "?" at
> the end :
> ^[$safe_chars]+\.tt$
>
> Do I create a new Bug ?
Chris, I would say these changes could do the trick:
- die "bad template path" unless $in->{'template_name'} =~
m/^[$safe_chars]+.tt?$/ig; #sanitize input
+ die "bad template path" unless $in->{'template_name'} =~
m/^[$safe_chars]+\.tt$/ig; #sanitize input
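Review bot: in the added m/^[$safe_chars]+\.tt$/ig line, the $ anchor also matches just before a trailing newline, so a template_name ending in ".tt" followed by a newline passes the check; anchoring with \z instead of $ closes that. The g flag is not needed for a single boolean test, and in scalar context it leaves pos() set on $in->{'template_name'} after a successful match, so it is worth dropping. The check also depends on what $safe_chars contains, which is not visible in this hunk: if the class allows "." and "/", a value containing ".." path segments can still match, so those would need a separate rejection.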