From 00034f178d3476b6a78eb8fa6080d5662e24164a Mon Sep 17 00:00:00 2001
From: jlmartinez <>
Date: Fri, 11 Jul 2008 09:42:24 +0000
Subject: [PATCH] Ticket #48 ezmlm-web.cgi - synced regexps in create_list and untaint
---
 ezmlm-web.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ezmlm-web.cgi b/ezmlm-web.cgi
index 41b669e..1ac54cb 100755
--- a/ezmlm-web.cgi
+++ b/ezmlm-web.cgi
@@ -1457,7 +1457,7 @@ sub untaint {
 # check the list name
 if (defined($q->param('list')) &&
- ($q->param('list') =~ /[^\w\.-]/) &&
+ ($q->param('list') !~ m/^[\w\d\_\-\.\/\@]+$/) &&
 ($q->param('action') !~ /^list_create_(do|ask)$/)) {
 $warning = 'InvalidListName' if ($warning eq '');
 $q->param(-name=>'list', -values=>'');
@@ -1651,7 +1651,7 @@ sub create_list {
 # dotqmail files may not contain uppercase letters
 $qmail = lc($qmail);
 $listname = $q->param('list');
- if ($listname =~ m/[^\w\.-]/) {
+ if ($listname !~ m/^[\w\d\_\-\.\/\@]+$/) {
 $warning = 'InvalidListName';
 return (1==0);
 }
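Review bot: The new allow-list in untaint's list-name check admits `/` alongside `.`, so names containing `..` path segments or beginning with `/` now pass, where the old `/[^\w\.-]/` test rejected any slash; the same pattern is added to create_list in the second hunk. How the name is used afterwards is not visible here, but if it is joined to a list directory this widens the check into a path-traversal risk, so `.` and `..` segments and a leading `/` should be rejected explicitly in addition to the character class. `$` also matches before a trailing newline, and `\d` and `\_` are already covered by `\w`, so the pattern is better written `m/\A[\w.\/\@-]+\z/`. The body of untaint starts and ends outside the hunk.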
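Review bot: The pattern in create_list is a second hand-written copy of the one in untaint, so the two checks only stay in step as long as every future edit touches both; compile it once at file scope, e.g. `my $LISTNAME_RE = qr/^[\w\d\_\-\.\/\@]+$/;`, and test `$listname !~ $LISTNAME_RE` here and `$q->param('list') !~ $LISTNAME_RE` in untaint. That matters more than usual because untaint skips its list-name check for the `list_create_do` and `list_create_ask` actions (first hunk), which leaves this `if` as the only validation a newly created list name appears to get. A short comment above the test saying so would keep a later cleanup from removing it as redundant. create_list starts and ends outside the hunk.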