From d5b09512de82cea18d7476365e001b0286f57be0 Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Fri, 11 May 2007 11:58:47 +0000 Subject: [PATCH] Es muss sichergestellt sein, dass $form->{login} keine Datei Pfadkomponenten enthalten kann. --- am.pl | 2 ++ login.pl | 2 ++ 2 files changed, 4 insertions(+) diff --git a/am.pl b/am.pl index e48b9790d..b54599e49 100755 --- a/am.pl +++ b/am.pl @@ -77,6 +77,8 @@ $script =~ s/\.pl//; # pull in DBI use DBI; +$form->{login} =~ s|.*/||; + # check for user config file, could be missing or ??? eval { require("$userspath/$form->{login}.conf"); }; if ($@) { diff --git a/login.pl b/login.pl index 7753cc5b8..7cca68aa7 100755 --- a/login.pl +++ b/login.pl @@ -71,6 +71,8 @@ $0 =~ tr/\\/\//; $pos = rindex $0, '/'; $script = substr($0, $pos + 1); +$form->{login} =~ s|.*/||; + if (-e "$userspath/nologin" && $script ne 'admin.pl') { print "content-type: text/plain -- 2.20.1