fix for DoS vulnerability noted by Kevin S. Ho

[staff.git] / shift.cgi

diff --git a/shift.cgi b/shift.cgi
index b99b039..daf63ee 100755 (executable)
--- a/shift.cgi
+++ b/shift.cgi
@@ -2,7 +2,7 @@
 #!/usr/bin/perl -Tw
 # (Text::Template can't do -T, but no user input is used dangerously)
 #
-# $Id: shift.cgi,v 1.2 2000-07-18 05:43:27 ivan Exp $
+# $Id: shift.cgi,v 1.3 2000-09-23 18:08:45 ivan Exp $
 #
 # Copyright (C) 2000 Adam Gould
 # Copyright (C) 2000 Michal Migurski
@@ -103,13 +103,14 @@ if ( $cgi->param() ) {
     foreach my $field ( @diff_fields ) {
       $shifthash{$field}='' unless defined $shifthash{$field};
       if ( $shifthash{$field} eq $cgi->param($field. '_old') ) {
-        if ( $cgi->param($field. "_new") =~
-               /\b(\w[\w\-\.\+]*\@(([\w\.\-]+\.)+\w+))\b/
-             || $cgi->param($field. "_new") =~ /^\s*$/
+      if ( $cgi->param($field. "_new") =~
+             /^\s*(\w[\w\s\.\'\-]{0,99}<?\s{0,9}(\w[\w\-\.\+]{0,99}\@(([\w\.\-]{1,99}\.){1,99}\w{1,99}))\s{0,9}>?)\s*$/
+           || $cgi->param($field. "_new") =~ /^\s*()$/
         ) {
+          my $new = $1;
           open(FILE,">$data_directory/.new.$field")
             or die "Can't open file $data_directory/$field: $!";
-          print FILE $cgi->param($field. "_new");
+          print FILE $new;
           close FILE;
           rename "$data_directory/.new.$field", "$data_directory/$field";
           $warning{$field} = '';