From: Don Armstrong
Date: Tue, 20 Feb 2007 08:05:40 +0000 (-0800)
Subject: sanitize the format variable
X-Git-Tag: release/2.6.0~585^2^2~11
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=a377bc5aaff12cb75052d0bea0f44652962b22c9;p=debbugs.git
sanitize the format variable
---
diff --git a/cgi/version.cgi b/cgi/version.cgi
index c1df691..d75edcf 100755
--- a/cgi/version.cgi
+++ b/cgi/version.cgi
@@ -66,6 +66,14 @@ if (defined $cgi_var{height}) {
 $cgi_var{height} = $1;
 }
 
+if (defined $cgi_var{format}) {
+ $cgi_var{format} =~ /(png|svg|jpg|gif)/;
+ $cgi_var{format} = $1 || 'png';
+}
+else {
+ $cgi_var{format} = 'png';
+}
+
 # then figure out which are affected.
 # turn found and fixed into full versions
 @{$cgi_var{found}} = makesourceversions($cgi_var{package},undef,@{$cgi_var{found}});
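Review bot: The added format check reads `$1` without testing whether the match succeeded. In Perl a failed match leaves the capture variables at whatever the last successful match in scope set, so an unrecognised `format` may be replaced by a stale capture instead of falling back to `'png'`. The pattern is also unanchored, so any value that merely contains one of the four names is accepted, although only the captured token is stored. I would fold the test and the fallback into one statement, `$cgi_var{format} = ($cgi_var{format} =~ /\A(png|svg|jpg|gif)\z/) ? $1 : 'png';`, which makes the allow-list exact and the default unconditional. Whether a stale capture is actually reachable depends on earlier matches outside this hunk, and the later use of `format` is not visible here.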