Navigation

Changeset 1758

Timestamp:

11/29/06 05:02:41 (2 years ago)

Author:

anarcat

Message:

remove quotemeta everywhere, and make sure variables are safe before using them. Closes: #1003

Files:

r1618	r1758
14	14	delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
15	15
16		if (!($mailname =~ /^([a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
	16	if (!($mailname =~ /^([a-z0-9_\+\.][a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
17	17	die "Email is incorrect.";
18	18	}
…	…
38	38	foreach(@todo) {
39	39	mkdir($_);
40		system("/bin/chown 33:$uid '~~".quotemeta($_)."~~'");
	40	system("/bin/chown 33:$uid '$_'");
41	41	}
42	42

r1618	r1758
14	14	delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
15	15
16		if (!($mailname =~ /^([a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
	16	if (!($mailname =~ /^([a-z0-9_\+-][a-z0-9_\+\.-]+\_[a-z0-9\.-]+)$/)) {
17	17	die "Email is incorrect.";
18	18	}
…	…
22	22	$( = $);
23	23
24		system("/bin/rm -rf '~~".quotemeta("/var/alternc/mail/".substr($mailname,0,1)."/".$mailname)~~."'");
	24	system("/bin/rm -rf '/var/alternc/mail/".substr($mailname,0,1)."/".$mailname."'");
25	25
26	26	0;

r1618	r1758
14	14	delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
15	15
16		if (!($name =~ /^([a-z0-9~~_\+\.-~~]+)$/)) {
	16	if (!($name =~ /^([a-z0-9]+)$/)) {
17	17	die "Account name is incorrect.";
18	18	}
…	…
24	24	my $PTH="/var/alternc/html/".substr($name,0,1)."/".$name;
25	25
26		system("/bin/rm -rf '~~".quotemeta($PTH)."~~'");
	26	system("/bin/rm -rf '$PTH'");
27	27
28	28	0;

r1618	r1758
27	27	$( = $);
28	28
29		my $PTH="/usr/lib/alternc/quota_edit.sh '~~".quotemeta($uid)."' '".quotemeta($size)."~~'";
	29	my $PTH="/usr/lib/alternc/quota_edit.sh '$uid' '$size'";
30	30
31	31	system($PTH);

r1618	r1758
22	22	$( = $);
23	23
24		my $PTH="/usr/lib/alternc/quota_get.sh '~~".quotemeta($uid)."~~'";
	24	my $PTH="/usr/lib/alternc/quota_get.sh '$uid'";
25	25
26	26	system($PTH);