From b5157f97d47413e5f33cced1d0de527979ff3d61 Mon Sep 17 00:00:00 2001
From: Moritz Bunkus
Date: Fri, 11 May 2007 11:12:18 +0000
Subject: [PATCH] Keine direkt vom Browser stammenden Strings bei open() verwenden.
---
 SL/BP.pm | 6 ++++--
 bin/mozilla/bp.pl | 3 +--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/SL/BP.pm b/SL/BP.pm
index 94a1e6a2f..9365d2307 100644
--- a/SL/BP.pm
+++ b/SL/BP.pm
@@ -263,7 +263,7 @@ sub delete_spool {
 sub print_spool {
 $main::lxdebug->enter_sub();
- my ($self, $myconfig, $form, $spool) = @_;
+ my ($self, $myconfig, $form, $spool, $output) = @_;
 # connect to database
 my $dbh = $form->dbconnect($myconfig);
@@ -275,8 +275,10 @@ sub print_spool {
 foreach my $i (1 .. $form->{rowcount}) {
 if ($form->{"checked_$i"}) {
- open(OUT, $form->{OUT}) or $form->error("$form->{OUT} : $!");
+ # $output is safe ( = does not come directly from the browser).
+ open(OUT, $output) or $form->error("$output : $!");
+ $form->{"spoolfile_$i"} =~ s|.*/||;
 $spoolfile = qq|$spool/$form->{"spoolfile_$i"}|;
 # send file to printer
diff --git a/bin/mozilla/bp.pl b/bin/mozilla/bp.pl
index 457a35ebc..e43005660 100644
--- a/bin/mozilla/bp.pl
+++ b/bin/mozilla/bp.pl
@@ -325,10 +325,9 @@ sub print {
 for $i (1 .. $form->{rowcount}) {
 if ($form->{"checked_$i"}) {
- $form->{OUT} = "| $selected_printer";
 $form->info($locale->text('Printing ... '));
- if (BP->print_spool(\%myconfig, \%$form, $spool)) {
+ if (BP->print_spool(\%myconfig, \%$form, $spool, "| $selected_printer")) {
 print $locale->text('done');
 $form->redirect($locale->text('Marked entries printed!'));
 }
--
2.20.1
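Review bot: The new fifth parameter `$output` of `print_spool` is neither documented nor checked at the unpacking line, although the next hunk passes it to `open` as a complete mode-plus-command string. A comment there, `# $output: pipe spec built by the caller from server-side configuration, never from $form`, would state the contract the later "is safe" comment depends on. A guard such as `$form->error('print_spool: no output target') unless defined $output;` would give any caller still using the four-argument form a clear failure; other callers are not visible in this patch.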
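Review bot: `open(OUT, $output)` is still a two-argument open on a bareword handle, so the string itself decides the mode (pipe, write, append) and only the added comment enforces safety. Having the caller pass only the command and opening it with an explicit mode, `open(my $out, '|-', $output) or $form->error("$output : $!");`, takes the mode out of the data; the handle rename would have to be carried through the rest of the loop, which continues outside the hunk. Separately, `s|.*/||` has no `/s`, so `.` stops at a newline and a value containing one keeps any `/` that follows it, and a bare `..` passes unchanged. If spool file names allow it, an anchored allowlist such as `$form->{"spoolfile_$i"} =~ /\A\w[\w.-]*\z/ or $form->error(...)` covers both cases.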
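Review bot: The argument `"| $selected_printer"` is interpolated into a shell pipe, and the assignment of `$selected_printer` lies outside this hunk (`sub print` starts earlier), so the patch's guarantee holds only if that value comes from server-side configuration. If it is chosen through a form field, that field should be looked up in the configured printer list and the configured command passed on, with `$form->error(...)` when nothing matches. Once that is confirmed, a comment above the call, `# $selected_printer is taken from the server configuration, not from $form`, would record the assumption that the comment in SL/BP.pm relies on.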