projects
/
staff.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
cb69f12
)
fix for DoS vulnerability noted by Kevin S. Ho
author
ivan
<ivan>
Sat, 23 Sep 2000 18:08:45 +0000
(18:08 +0000)
committer
ivan
<ivan>
Sat, 23 Sep 2000 18:08:45 +0000
(18:08 +0000)
TODO
patch
|
blob
|
history
shift.cgi
patch
|
blob
|
history
diff --git
a/TODO
b/TODO
index
834f3d9
..
771ae48
100644
(file)
--- a/
TODO
+++ b/
TODO
@@
-1,3
+1,13
@@
+here's a one-liner to find duplicate inputbox'es:
+
+grep inputbox staffing.html | perl -pe '/inputbox\(\"(.*)\"\)/ or die; $_="$1\n";' | sort | uniq -d
+
+(though the program should probably error out)
+
+and here's another useful one:
+
+ perl -ne 'if ( /^((.*)\s+)(\S+\@\S+)$/ ) { print "$1<$3>\n"; } else { print "$_\n"; }' P*
+
Delivered-To: ivan-fnf-planners@420.am
To: phred@well.com, larryc@cloudfactory.org, fnf-planners@topica.com
From: Rob Jellinghaus <robj@unrealities.com>
Delivered-To: ivan-fnf-planners@420.am
To: phred@well.com, larryc@cloudfactory.org, fnf-planners@topica.com
From: Rob Jellinghaus <robj@unrealities.com>
diff --git
a/shift.cgi
b/shift.cgi
index
b99b039
..
daf63ee
100755
(executable)
--- a/
shift.cgi
+++ b/
shift.cgi
@@
-2,7
+2,7
@@
#!/usr/bin/perl -Tw
# (Text::Template can't do -T, but no user input is used dangerously)
#
#!/usr/bin/perl -Tw
# (Text::Template can't do -T, but no user input is used dangerously)
#
-# $Id: shift.cgi,v 1.
2 2000-07-18 05:43:27
ivan Exp $
+# $Id: shift.cgi,v 1.
3 2000-09-23 18:08:45
ivan Exp $
#
# Copyright (C) 2000 Adam Gould
# Copyright (C) 2000 Michal Migurski
#
# Copyright (C) 2000 Adam Gould
# Copyright (C) 2000 Michal Migurski
@@
-103,13
+103,14
@@
if ( $cgi->param() ) {
foreach my $field ( @diff_fields ) {
$shifthash{$field}='' unless defined $shifthash{$field};
if ( $shifthash{$field} eq $cgi->param($field. '_old') ) {
foreach my $field ( @diff_fields ) {
$shifthash{$field}='' unless defined $shifthash{$field};
if ( $shifthash{$field} eq $cgi->param($field. '_old') ) {
-
if ( $cgi->param($field. "_new") =~
-
/\b(\w[\w\-\.\+]*\@(([\w\.\-]+\.)+\w+))\b
/
-
|| $cgi->param($field. "_new") =~ /^\s*
$/
+ if ( $cgi->param($field. "_new") =~
+
/^\s*(\w[\w\s\.\'\-]{0,99}<?\s{0,9}(\w[\w\-\.\+]{0,99}\@(([\w\.\-]{1,99}\.){1,99}\w{1,99}))\s{0,9}>?)\s*$
/
+
|| $cgi->param($field. "_new") =~ /^\s*()
$/
) {
) {
+ my $new = $1;
open(FILE,">$data_directory/.new.$field")
or die "Can't open file $data_directory/$field: $!";
open(FILE,">$data_directory/.new.$field")
or die "Can't open file $data_directory/$field: $!";
- print FILE $
cgi->param($field. "_new")
;
+ print FILE $
new
;
close FILE;
rename "$data_directory/.new.$field", "$data_directory/$field";
$warning{$field} = '';
close FILE;
rename "$data_directory/.new.$field", "$data_directory/$field";
$warning{$field} = '';