add some security fixes
diff --git
a/perl/DXCommandmode.pm
b/perl/DXCommandmode.pm
index 4dbeb863c8ba784f8ee3b264eb4e507cfc4d0e5f..f5ef8e2808ba0a1b403610ed5245575013b93960 100644
--- a/
perl/DXCommandmode.pm
+++ b/
perl/DXCommandmode.pm
@@
-439,7
+439,9
@@
sub run_cmd
if ($cmd) {
# strip out // and .. on command only
$cmd =~ s|//|/|g;
if ($cmd) {
# strip out // and .. on command only
$cmd =~ s|//|/|g;
- $cmd =~ s|\.+|\.|g;
+ $cmd =~ s|\.+||g; # no dots allowed
+ $cmd =~ s|^/||g; # no leading / either
+ $cmd =~ s|[^-\w/]||g; # and no funny characters
my ($path, $fcmd);
my ($path, $fcmd);
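Review bot: The substitutions on `$cmd` run in an order that lets the later ones undo the earlier ones: `//` is collapsed once, before the dot and character filters, so deleting a dot or other rejected character that sat between two slashes re-creates `//`, and `s|^/||` removes only a single leading slash. If `$cmd` is later turned into a file path (that code is outside this hunk, so this is inferred from the comment and the `$path`/`$fcmd` declaration), the cleaned value can still begin with `/` or contain empty path components. Filtering first and normalising afterwards makes the cleanup order-independent: `$cmd =~ s|[^-\w/]||g;` then `$cmd =~ s|/+|/|g;` then `$cmd =~ s|^/||;`; the character filter already removes dots, so the separate dot rule becomes redundant. The comment `# strip out // and .. on command only` should also be updated to say that all dots and every character outside `-`, `\w` and `/` are now removed. run_cmd's body starts and ends outside the hunk.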