From a377bc5aaff12cb75052d0bea0f44652962b22c9 Mon Sep 17 00:00:00 2001
From: Don Armstrong
Date: Tue, 20 Feb 2007 00:05:40 -0800
Subject: [PATCH] sanitize the format variable
---
 cgi/version.cgi | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/cgi/version.cgi b/cgi/version.cgi
index c1df6918..d75edcf2 100755
--- a/cgi/version.cgi
+++ b/cgi/version.cgi
@@ -66,6 +66,14 @@ if (defined $cgi_var{height}) {
 $cgi_var{height} = $1;
 }
+if (defined $cgi_var{format}) {
+ $cgi_var{format} =~ /(png|svg|jpg|gif)/;
+ $cgi_var{format} = $1 || 'png';
+}
+else {
+ $cgi_var{format} = 'png';
+}
+
 # then figure out which are affected.
 # turn found and fixed into full versions
 @{$cgi_var{found}} = makesourceversions($cgi_var{package},undef,@{$cgi_var{found}});
--
2.39.5
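Review bot: The added `$cgi_var{format} = $1 || 'png';` reads `$1` without checking that the match on the line above succeeded. After a failed match Perl leaves `$1` at whatever the last successful match in the enclosing scope captured, so a request whose `format` is not one of the four types can end up with a stale capture instead of the `png` fallback. Whether an earlier file-level match exists is outside this hunk, but the allow-list should not depend on it. Testing the match result and anchoring the pattern keeps the value strictly inside the list: `$cgi_var{format} = ($cgi_var{format} =~ /\A(png|svg|jpg|gif)\z/) ? $1 : 'png';`. The context line `$cgi_var{height} = $1;` suggests the height check follows the same pattern, although its match line is not visible here.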