Keine direkt vom Browser stammenden Strings bei open() verwenden.

diff --git a/SL/BP.pm b/SL/BP.pm
index 94a1e6a..9365d23 100644 (file)
--- a/SL/BP.pm
+++ b/SL/BP.pm
@@ -263,7 +263,7 @@ sub delete_spool {
 sub print_spool {
   $main::lxdebug->enter_sub();
 
-  my ($self, $myconfig, $form, $spool) = @_;
+  my ($self, $myconfig, $form, $spool, $output) = @_;
 
   # connect to database
   my $dbh = $form->dbconnect($myconfig);
@@ -275,8 +275,10 @@ sub print_spool {
 
   foreach my $i (1 .. $form->{rowcount}) {
     if ($form->{"checked_$i"}) {
-      open(OUT, $form->{OUT}) or $form->error("$form->{OUT} : $!");
+      # $output is safe ( = does not come directly from the browser).
+      open(OUT, $output) or $form->error("$output : $!");
 
+      $form->{"spoolfile_$i"} =~ s|.*/||;
       $spoolfile = qq|$spool/$form->{"spoolfile_$i"}|;
 
       # send file to printer

diff --git a/bin/mozilla/bp.pl b/bin/mozilla/bp.pl
index 457a35e..e430056 100644 (file)
--- a/bin/mozilla/bp.pl
+++ b/bin/mozilla/bp.pl
@@ -325,10 +325,9 @@ sub print {
 
   for $i (1 .. $form->{rowcount}) {
     if ($form->{"checked_$i"}) {
-      $form->{OUT} = "| $selected_printer";
       $form->info($locale->text('Printing ... '));
 
-      if (BP->print_spool(\%myconfig, \%$form, $spool)) {
+      if (BP->print_spool(\%myconfig, \%$form, $spool, "| $selected_printer")) {
         print $locale->text('done');
         $form->redirect($locale->text('Marked entries printed!'));
       }