From 2b96f2d812efca32e3baf3caa9e0f5a09917b03f Mon Sep 17 00:00:00 2001
From: joy <>
Date: Sat, 27 Jan 2001 21:46:27 -0800
Subject: [PATCH] [project @ 2001-01-27 21:46:27 by joy] check for crap in the
 variable that gets passed to the shell

---
 scripts/service.in | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/service.in b/scripts/service.in
index 08a8f35..5c6e641 100755
--- a/scripts/service.in
+++ b/scripts/service.in
@@ -1,5 +1,5 @@
 #!/usr/bin/perl
-# $Id: service.in,v 1.31 2000/11/22 10:02:51 joy Exp $
+# $Id: service.in,v 1.32 2001/01/27 21:46:27 joy Exp $
 #
 # Usage: service <code>.nn
 # Temps:  incoming/P<code>.nn
@@ -821,6 +821,11 @@ END
 
 sub sendlynxdocraw {
     local ($relpath,$description) = @_;
+# check for crap in $relpath
+    if ($relpath =~ m/^\./ || $relpath !~ m/^[\d\w-+.@]+$/) {
+      &transcript("Invalid request $relpath!\n");
+      return;
+    }
     $doc='';
     open(L,"lynx -nolist -dump http://$gWebDomain/$relpath 2>&1 |") || &quit("fork for lynx: $!");
     while(<L>) { $doc.=$_; }
-- 
2.39.2