[project @ 2001-01-27 21:46:27 by joy]

check for crap in the variable that gets passed to the shell

diff --git a/scripts/service.in b/scripts/service.in
index 08a8f357cb612b7ace2a0a2e0e2b260f8c246f47..5c6e641460541c5c2d93a18a2b3476bf98193c4e 100755 (executable)
--- a/scripts/service.in
+++ b/scripts/service.in
@@ -1,5 +1,5 @@
 #!/usr/bin/perl
-# $Id: service.in,v 1.31 2000/11/22 10:02:51 joy Exp $
+# $Id: service.in,v 1.32 2001/01/27 21:46:27 joy Exp $
 #
 # Usage: service <code>.nn
 # Temps:  incoming/P<code>.nn
@@ -821,6 +821,11 @@ END
 
 sub sendlynxdocraw {
     local ($relpath,$description) = @_;
+# check for crap in $relpath
+    if ($relpath =~ m/^\./ || $relpath !~ m/^[\d\w-+.@]+$/) {
+      &transcript("Invalid request $relpath!\n");
+      return;
+    }
     $doc='';
     open(L,"lynx -nolist -dump http://$gWebDomain/$relpath 2>&1 |") || &quit("fork for lynx: $!");
     while(<L>) { $doc.=$_; }