/[meteor]/googlecode.com/svn/trunk/Meteor/Document.pm
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /googlecode.com/svn/trunk/Meteor/Document.pm

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 10 by andrew.betts, Thu Dec 14 10:45:43 2006 UTC revision 12 by knops.gerd, Thu Dec 14 16:58:18 2006 UTC
# Line 135  sub pathToAbsolute { Line 135  sub pathToAbsolute {
135          $relPath=~s/^[\/]*//;          $relPath=~s/^[\/]*//;
136          $relPath=~s/[\/]*$//;          $relPath=~s/[\/]*$//;
137                    
         # split into path components  
         my @pathComponents=split(/[\/]+/,$relPath);  
138                    
139          # Check components          # NOTE: With the right strings the code below triggers a bug in
140          foreach (@pathComponents)          # perl (5.8.6 currently) that will result in messages like
141            #
142            #       Attempt to free unreferenced scalar
143            #
144            # and an eventual crash.
145            #
146            # So it was replaced with the more naive code following this
147            # commented out code.
148            #
149            # # split into path components
150            # my @pathComponents=split(/[\/]+/,$relPath);
151            #
152            # # Check components
153            # foreach (@pathComponents)
154            # {
155            #       # Very strict: We only allow alphanumeric characters, dash and
156            #       # underscore, followed by any number of extensions that also
157            #       # only allow the above characters.
158            #       unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i)
159            #       {
160            #               &::syslog('debug',
161            #                       "Meteor::Document: Rejecting path '%s' due to invalid component '%s'",
162            #                       $relPath,$_
163            #               );
164            #              
165            #               return undef;
166            #       }
167            # }
168            #
169            #my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents);
170            
171            #
172            # Check for all alphanumeric or dash, underscore, dot and slash
173            #
174            unless($relPath=~/^[a-z0-9\-\_\.\/]*$/i)
175            {
176                    &::syslog('debug',
177                            "Meteor::Document: Rejecting path '%s' due to invalid characters",
178                            $relPath
179                    );
180                    
181                    return undef;
182            }
183            #
184            # Don't allow '..'
185            #
186            if(index($relPath,'..')>=0)
187          {          {
188                  # Very strict: We only allow alphanumric characters, dash and                  &::syslog('debug',
189                  # underscore, followed by any number of extensions that also                          "Meteor::Document: Rejecting path '%s' due to invalid sequence '..'",
190                  # only allow the above characters.                          $relPath
191                  unless(/^[a-z0-9\-\_][a-z0-9\-\_\.]*$/i)                  );
192                  {                  
193                          &::syslog('debug',                  return undef;
                                 "Meteor::Document: Rejecting path '%s' due to invalid component '%s'",  
                                 $relPath,$_  
                         );  
                           
                         return undef;  
                 }  
194          }          }
195                    
196          my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.join('/',@pathComponents);          my $path=$::CONF{'SubscriberDocumentRoot'}.'/'.$relPath;
197                    
198          # If it is a directory, append DirectoryIndex config value          # If it is a directory, append DirectoryIndex config value
199          $path.='/'.$::CONF{'DirectoryIndex'} if(-d $path);          $path.='/'.$::CONF{'DirectoryIndex'} if(-d $path);

Legend:
Removed from v.10  
changed lines
  Added in v.12

  ViewVC Help
Powered by ViewVC 1.1.26