diff options
| author | ivan <ivan> | 2000-08-24 07:26:50 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2000-08-24 07:26:50 +0000 |
| commit | f01fe96a27912381d4b30ccad3d355d74f76f505 (patch) | |
| tree | 1fa100d4cd4025b9ba41efda1c143fcb498351bc | |
| parent | f402899b993f7fd52a264ebf07a9acf9d07099df (diff) | |
untaint template source
| -rw-r--r-- | TODO | 5 | ||||
| -rwxr-xr-x | fs_signup/FS-SignupClient/cgi/signup.cgi | 18 |
2 files changed, 17 insertions, 6 deletions
@@ -1,4 +1,4 @@ -$Id: TODO,v 1.49 2000-08-09 11:30:40 ivan Exp $ +$Id: TODO,v 1.50 2000-08-24 07:26:50 ivan Exp $ If you are interested in helping with any of these, please join the *development* mailing list (send a blank message to @@ -6,6 +6,9 @@ ivan-freeside-devel-subscribe@sisd.com) to avoid duplication of effort. --- +"first package" and email invoice (?) not sticky on errors in new/edit customer +screen. + http://www.ipmeter.com/ integration would be useful http://tangram.sourceforge.net/ diff --git a/fs_signup/FS-SignupClient/cgi/signup.cgi b/fs_signup/FS-SignupClient/cgi/signup.cgi index 839ad333d..7576b8b42 100755 --- a/fs_signup/FS-SignupClient/cgi/signup.cgi +++ b/fs_signup/FS-SignupClient/cgi/signup.cgi @@ -1,6 +1,6 @@ #!/usr/bin/perl -Tw # -# $Id: signup.cgi,v 1.7 2000-05-10 23:57:57 ivan Exp $ +# $Id: signup.cgi,v 1.8 2000-08-24 07:26:50 ivan Exp $ use strict; use vars qw( @payby $cgi $locales $packages $pops $r $error @@ -29,14 +29,22 @@ $ieak_file = '/usr/local/freeside/ieak.template'; $cck_file = '/usr/local/freeside/cck.template'; if ( -e $ieak_file ) { - $ieak_template = new Text::Template ( TYPE => 'FILE', SOURCE => $ieak_file ) - or die "Couldn't construct template: $Text::Template::ERROR"; + my $ieak_txt = Text::Template::_load_text($ieak_file) + or die $Text::Template::ERROR; + $ieak_txt =~ /^(.*)$/s; #untaint the template source - it's trusted + $ieak_txt = $1; + $ieak_template = new Text::Template ( TYPE => 'STRING', SOURCE => $ieak_txt ) + or die $Text::Template::ERROR; } else { $ieak_template = ''; } if ( -e $cck_file ) { - $cck_template = new Text::Template ( TYPE => 'FILE', SOURCE => $cck_file ) - or die "Couldn't construct template: $Text::Template::ERROR"; + my $cck_txt = Text::Template::_load_text($cck_file) + or die $Text::Template::ERROR; + $cck_txt =~ /^(.*)$/s; #untaint the template source - it's trusted + $cck_txt = $1; + $cck_template = new Text::Template ( TYPE => 'STRING', SOURCE => $cck_txt ) + or die $Text::Template::ERROR; } else { $cck_template = ''; } |