authorStefan Ritter <xeno@goliath.thehappy.de>2009-07-21 17:27:23 +0200
committerStefan Ritter <xeno@goliath.thehappy.de>2009-07-21 17:27:23 +0200
commit479e4490bcc1ba594ffaefc4b4a6fc6d7bb53126 (patch)
tree2b28aa8d7f010d53a2de269bfad32afc3a54f6eb
parent620353422308d99f7f3cd54167166b27a613711b (diff)
Fixed a grave security issue
-rwxr-xr-xblogthon.cgi8
1 files changed, 7 insertions, 1 deletions
diff --git a/blogthon.cgi b/blogthon.cgi
index 41359a2..8fa1c7d 100755
--- a/blogthon.cgi
+++ b/blogthon.cgi
@@ -123,9 +123,15 @@ except: errorpage("newest_first")
# Read POST Variables
action = cgi.FieldStorage()
month_display = action.getvalue('m')
+
static_display = action.getvalue('s')
+if static_display: static_display = re.sub('/', '', static_display)
+
post_display = action.getvalue('p')
-if post_display: post_display = re.sub(' ', '-', post_display)
+if post_display:
+ post_display = re.sub(' ', '-', post_display)
+ post_display = re.sub('/', '', post_display)
+
allentries_display = action.getvalue('a')
feed_display = action.getvalue('feed')
if not month_display: month_display = ""
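Review bot: The new `re.sub('/', '', ...)` filters on `static_display` and `post_display` are a deny-list that removes one character, so other path-affecting input such as `\`, NUL bytes or a bare `..` component still reaches whatever file lookup consumes these values (that lookup is outside the hunk, so I cannot confirm how they are joined). An allow-list is the safer shape here and is no longer than the current lines: `static_display = re.sub(r'[^\w-]', '', static_display)` and `post_display = re.sub(r'[^\w-]', '', post_display)` after the existing space-to-dash substitution, which also drops the need to strip `/` separately. The same hunk reads `m`, `a` and `feed` from `cgi.FieldStorage()` with no filtering at all; if any of them is later used to build a path or is echoed into the page, it presumably needs the same treatment, which this commit does not address. A short comment above the block stating the intent would help the next reader, e.g. `# Query parameters are untrusted: reduce them to a safe character set before they reach any path or output.`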