From: minima
Date: Mon, 21 Mar 2005 20:49:13 +0000 (+0000)
Subject: add some security fixes
X-Git-Tag: R_1_52~75
X-Git-Url: http://dxcluster.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=526e7127d7eb6d8e2f2a4cffd782c4c87f0d1742;hp=3196486ff0a78459e1b88b3847d255a62fd17895;p=spider.git

add some security fixes
---

diff --git a/perl/DXCommandmode.pm b/perl/DXCommandmode.pm
index 4dbeb863..f5ef8e28 100644
--- a/perl/DXCommandmode.pm
+++ b/perl/DXCommandmode.pm
@@ -439,7 +439,9 @@ sub run_cmd
 if ($cmd) {
 # strip out // and .. on command only
 $cmd =~ s|//|/|g;
- $cmd =~ s|\.+|\.|g;
+ $cmd =~ s|\.+||g; # no dots allowed
+ $cmd =~ s|^/||g; # no leading / either
+ $cmd =~ s|[^-\w/]||g; # and no funny characters
 my ($path, $fcmd);
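Review bot: The four substitutions are order-dependent, so the cleaned `$cmd` can still contain `//` or a leading `/`. `s|//|/|g` is a single pass that runs before the dot and character deletions, and those deletions can bring two slashes together or leave a slash at the front after `s|^/||g` has already run. Filtering first and normalising slashes afterwards avoids this: `$cmd =~ s|[^-\w/]||g;` then `$cmd =~ s|/+|/|g;` then `$cmd =~ s|^/||;` (the whitelist already drops dots, so the separate dot rule becomes redundant). run_cmd starts and ends outside the hunk, so how `$cmd` is later turned into a file path is not visible here; the practical impact presumably depends on the directory it is joined to.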