file upload fixed
taint errors removed
This commit is contained in:
parent
48f82d7cd6
commit
f33e26c5aa
3 changed files with 48 additions and 26 deletions
|
@ -86,6 +86,12 @@ Version 2.1 - 25/09/00
|
||||||
Version 2.2 - 26/01/02005
|
Version 2.2 - 26/01/02005
|
||||||
* German translation of the web interface - more translations can be added easily
|
* German translation of the web interface - more translations can be added easily
|
||||||
* changed "ALT"-tags to "TITLE" - most browsers will display the tooltip texts now
|
* changed "ALT"-tags to "TITLE" - most browsers will display the tooltip texts now
|
||||||
* fixed security problems (permissions were not thoroughly check)
|
* fixed security problems (permissions were not thoroughly checked)
|
||||||
* user-based permission for creating lists (can be set in webusersrc)
|
* user-based permission for creating lists (can be set in webusersrc)
|
||||||
* the location of the webusers file is now an option in ezmlmwebrc
|
* the location of the webusers file is now an option in ezmlmwebrc
|
||||||
|
|
||||||
|
Version 2.3 - ??/04/02005
|
||||||
|
* css styles are used instead of tables
|
||||||
|
* permission check for upload of files fixed
|
||||||
|
* removed some taint errors
|
||||||
|
* file upload typo fixed
|
||||||
|
|
|
@ -1,13 +1,23 @@
|
||||||
$Id: TODO,v 1.3 2000/09/25 19:58:02 guy Exp $
|
$Id: TODO,v 1.3 2000/09/25 19:58:02 guy Exp $
|
||||||
|
|
||||||
TODO - ezmlm-web 2.2
|
TODO - ezmlm-web 2.3
|
||||||
|
|
||||||
|
DOKU:
|
||||||
- mention in INSTALL, that a missing webusers-file deactivates access control
|
- mention in INSTALL, that a missing webusers-file deactivates access control
|
||||||
- webusers is not mentioned in INSTALL
|
|
||||||
- change ./lang/ to /usr/local/share/ezmlm-web/lang
|
|
||||||
- more documentation
|
- more documentation
|
||||||
|
- webusers is not mentioned in INSTALL
|
||||||
|
|
||||||
|
ORG:
|
||||||
|
- change ./lang/ to /usr/local/share/ezmlm-web/lang
|
||||||
|
- move unknown.gif to systemausfall.org
|
||||||
- some nice install method
|
- some nice install method
|
||||||
|
|
||||||
|
CODE:
|
||||||
|
- check and improve DEFAULT_HOST
|
||||||
|
- check virtual user testing
|
||||||
|
- implement ldap authorisation
|
||||||
|
|
||||||
|
CSS:
|
||||||
- Option for a css-stylesheet
|
- Option for a css-stylesheet
|
||||||
- migrate header and footer in ezmlmwebrc to css
|
- migrate header and footer in ezmlmwebrc to css
|
||||||
- improve css-design
|
- improve css-design
|
||||||
- move unknown.gif to systemausfall.org
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#!/usr/bin/perl -T
|
#!/usr/bin/perl
|
||||||
#===========================================================================
|
#===========================================================================
|
||||||
# ezmlm-web.cgi - version 2.2 - 26/01/02005
|
# ezmlm-web.cgi - version 2.2 - 26/01/02005
|
||||||
# $Id: ezmlm-web.cgi,v 1.3 2000/09/25 19:58:07 guy Exp $
|
# $Id: ezmlm-web.cgi,v 1.3 2000/09/25 19:58:07 guy Exp $
|
||||||
|
@ -501,29 +501,35 @@ sub add_address {
|
||||||
my ($address, $list, @addresses, $count); my ($listname, $part) = @_;
|
my ($address, $list, @addresses, $count); my ($listname, $part) = @_;
|
||||||
$list = new Mail::Ezmlm($listname);
|
$list = new Mail::Ezmlm($listname);
|
||||||
|
|
||||||
if($q->param('addfile')) {
|
if (($q->param('addfile')) && ($FILE_UPLOAD)) {
|
||||||
|
|
||||||
# Sanity check
|
# Sanity check
|
||||||
die "File upload must be of type text/*" unless($q->uploadInfo($q->param('addfile'))->{'Content-Type'} =~ m{^text/});
|
die "File upload must be of type text/*" unless($q->uploadInfo($q->param('addfile'))->{'Content-Type'} =~ m{^text/});
|
||||||
|
|
||||||
# Handle file uploads of addresses
|
# Handle file uploads of addresses
|
||||||
my($fh) = $q->upload('addfile');
|
my($fh) = $q->param('addfile');
|
||||||
return unless (defined($fh));
|
return unless (defined($fh));
|
||||||
while (<$fh>) {
|
while (<$fh>) {
|
||||||
next if (/^\s*$/ or /^#/); # blank, comments
|
next if (/^\s*$/ or /^#/); # blank, comments
|
||||||
next unless (/\@/); # email address ...
|
next unless ( /(\w[\-\w_\.]*)@(\w[\-\w_\.]+)/ ); # email address ...
|
||||||
chomp();
|
chomp();
|
||||||
push @addresses, $_;
|
push @addresses, "$_";
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
}
|
||||||
|
|
||||||
# User typed in an address
|
# User typed in an address
|
||||||
return if ($q->param('addsubscriber') eq '');
|
if ($q->param('addsubscriber') ne '') {
|
||||||
|
|
||||||
$address = $q->param('addsubscriber');
|
$address = $q->param('addsubscriber');
|
||||||
$address .= $DEFAULT_HOST if ($q->param('addsubscriber') =~ /\@$/);
|
$address .= $DEFAULT_HOST if ($q->param('addsubscriber') =~ /\@$/);
|
||||||
push @addresses, $address;
|
|
||||||
|
# untaint
|
||||||
|
if ($address =~ /(\w[\-\w_\.]*)@(\w[\-\w_\.]+)/) {
|
||||||
|
push @addresses, "$1\@$2";
|
||||||
|
} else {
|
||||||
|
warn "this address ($address) is not valid!";
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
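Review bot: The two branches of add_address now treat a matched address differently: the upload loop uses `next unless ( /(\w[\-\w_\.]*)@(\w[\-\w_\.]+)/ );` only as a filter and then pushes the whole raw line (`push @addresses, "$_";`), while the typed-in branch pushes only the captured `"$1\@$2"`, and in both places the pattern is unanchored, so a constructed line like `user@example.org, extra text` is accepted whole in one branch and silently cut down to a substring in the other. Since the first hunk of this file also drops `-T` from the shebang, the `# untaint` comment no longer describes an enforced check; keeping `-T` and anchoring the pattern would make the validation real in both branches. Suggested for the loop: `chomp();` before the checks, then `next unless ( /\A\s*(\w[\-\w_\.]*)\@(\w[\-\w_\.]+)\s*\z/ );` and `push @addresses, "$1\@$2";`, with the same anchored pattern (written `\@` so it cannot be mistaken for an array interpolation) on the typed-in `if`. The `sub add_address {` line and the sub's closing brace lie outside the hunk.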