From: minima Date: Mon, 21 Mar 2005 20:49:13 +0000 (+0000) Subject: add some security fixes X-Git-Tag: R_1_52~75 X-Git-Url: http://www.dxcluster.org/gitweb/gitweb.cgi?p=spider.git;a=commitdiff_plain;h=526e7127d7eb6d8e2f2a4cffd782c4c87f0d1742 add some security fixes --- diff --git a/perl/DXCommandmode.pm b/perl/DXCommandmode.pm index 4dbeb863..f5ef8e28 100644 --- a/perl/DXCommandmode.pm +++ b/perl/DXCommandmode.pm @@ -439,7 +439,9 @@ sub run_cmd if ($cmd) { # strip out // and .. on command only $cmd =~ s|//|/|g; - $cmd =~ s|\.+|\.|g; + $cmd =~ s|\.+||g; # no dots allowed + $cmd =~ s|^/||g; # no leading / either + $cmd =~ s|[^-\w/]||g; # and no funny characters my ($path, $fcmd);
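Review bot: The added substitutions run after the existing `s|//|/|g`, so the guarantees stated in the new comments do not hold for every input. Deleting dots or other disallowed characters can rejoin slashes that the earlier pass had already looked at (a constructed example: `a/./b` ends up as `a//b`). `s|^/||g` also removes only a single leading slash, because `^` matches once and the `/g` has no effect there. Filtering first and normalising slashes afterwards makes the result independent of ordering and makes the separate dot rule redundant: `$cmd =~ s|[^-\w/]||g;` then `$cmd =~ s|/+|/|g;` then `$cmd =~ s|^/||;`. The rest of run_cmd is outside the hunk, so how `$cmd` is later joined into a command file path is not visible here; if that lookup depends on a clean relative name, rejecting the command when it contains anything outside `[-\w/]` would be stricter than silently rewriting it.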