From 479e4490bcc1ba594ffaefc4b4a6fc6d7bb53126 Mon Sep 17 00:00:00 2001
From: Stefan Ritter
Date: Tue, 21 Jul 2009 17:27:23 +0200
Subject: Fixed a grave security issue

---
 blogthon.cgi | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/blogthon.cgi b/blogthon.cgi
index 41359a2..8fa1c7d 100755
--- a/blogthon.cgi
+++ b/blogthon.cgi
@@ -123,9 +123,15 @@ except: errorpage("newest_first")
 # Read POST Variables
 action = cgi.FieldStorage()
 month_display = action.getvalue('m')
+
 static_display = action.getvalue('s')
+if static_display: static_display = re.sub('/', '', static_display)
+
 post_display = action.getvalue('p')
-if post_display: post_display = re.sub(' ', '-', post_display)
+if post_display:
+ post_display = re.sub(' ', '-', post_display)
+ post_display = re.sub('/', '', post_display)
+
 allentries_display = action.getvalue('a')
 feed_display = action.getvalue('feed')
 if not month_display: month_display = ""
--
cgit v1.2.3
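Review bot: The new `re.sub` calls on `static_display` and `post_display` raise `TypeError` when the parameter is repeated in the query string (`?p=a&p=b`), because `FieldStorage.getvalue` returns a list in that case; read them with `action.getfirst('s')` / `action.getfirst('p')` so the value is always a string or None. Stripping `/` is a denylist that still passes `..`, and a bare `..` escapes the base directory if the value is ever used as a directory component — how these values are joined into paths is outside the hunk, so an allowlist applied after the space-to-dash rewrite is the safer shape, e.g. `if post_display and not re.match(r'[\w-]+\Z', post_display): errorpage(...)`, rejecting the request rather than silently rewriting it, with the same check on `static_display`. `month_display`, `allentries_display` and `feed_display` are read in the same run with no check at all; if any of them is also spliced into a filesystem path it needs the same treatment. The statement run continues past the end of the hunk.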