From 526e7127d7eb6d8e2f2a4cffd782c4c87f0d1742 Mon Sep 17 00:00:00 2001
From: minima
Date: Mon, 21 Mar 2005 20:49:13 +0000
Subject: [PATCH] add some security fixes
---
 perl/DXCommandmode.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/perl/DXCommandmode.pm b/perl/DXCommandmode.pm
index 4dbeb863..f5ef8e28 100644
--- a/perl/DXCommandmode.pm
+++ b/perl/DXCommandmode.pm
@@ -439,7 +439,9 @@ sub run_cmd
 if ($cmd) {
 # strip out // and .. on command only
 $cmd =~ s|//|/|g;
- $cmd =~ s|\.+|\.|g;
+ $cmd =~ s|\.+||g; # no dots allowed
+ $cmd =~ s|^/||g; # no leading / either
+ $cmd =~ s|[^-\w/]||g; # and no funny characters
 my ($path, $fcmd);
-- 
2.34.1
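Review bot: The added substitutions each run once in a fixed order, so a later deletion can recreate what an earlier pass removed: stripping dots or other disallowed characters after the `s|//|/|g` collapse can bring two slashes together again, and `s|^/||g` removes only one leading slash (the `/g` does nothing on an anchored pattern). Filtering characters first and normalising slashes afterwards makes the result independent of how the input is shaped: `$cmd =~ s|[^-\w/]||g;`, `$cmd =~ s|/+|/|g;`, `$cmd =~ s|^/||;`. Because `\w` never matches `.`, the separate dot pass is then redundant, and `/+` also handles runs of three or more slashes that the single-pass `//` replacement leaves behind. Rejecting a command that contains anything outside the allowed set, instead of silently rewriting it, would be stricter still and gives something to log. run_cmd starts and ends outside the hunk, so how `$cmd` is later joined to a path is not visible here.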