file upload fixed
taint errors removed
This commit is contained in:
parent
48f82d7cd6
commit
f33e26c5aa
3 changed files with 48 additions and 26 deletions
|
@ -86,6 +86,12 @@ Version 2.1 - 25/09/00
|
|||
Version 2.2 - 26/01/02005
|
||||
* German translation of the web interface - more translations can be added easily
|
||||
* changed "ALT"-tags to "TITLE" - most browsers will display the tooltip texts now
|
||||
* fixed security problems (permissions were not thoroughly check)
|
||||
* fixed security problems (permissions were not thoroughly checked)
|
||||
* user-based permission for creating lists (can be set in webusersrc)
|
||||
* the location of the webusers file is now an option in ezmlmwebrc
|
||||
|
||||
Version 2.3 - ??/04/02005
|
||||
* css styles are used instead of tables
|
||||
* permission check for upload of files fixed
|
||||
* removed some taint errors
|
||||
* file upload typo fixed
|
||||
|
|
|
@ -1,13 +1,23 @@
|
|||
$Id: TODO,v 1.3 2000/09/25 19:58:02 guy Exp $
|
||||
|
||||
TODO - ezmlm-web 2.2
|
||||
TODO - ezmlm-web 2.3
|
||||
|
||||
- mention in INSTALL, that a missing webusers-file deactivates access control
|
||||
- webusers is not mentioned in INSTALL
|
||||
- change ./lang/ to /usr/local/share/ezmlm-web/lang
|
||||
- more documentation
|
||||
- some nice install method
|
||||
- Option for a css-stylesheet
|
||||
- migrate header and footer in ezmlmwebrc to css
|
||||
- improve css-design
|
||||
DOKU:
|
||||
- mention in INSTALL, that a missing webusers-file deactivates access control
|
||||
- more documentation
|
||||
- webusers is not mentioned in INSTALL
|
||||
|
||||
ORG:
|
||||
- change ./lang/ to /usr/local/share/ezmlm-web/lang
|
||||
- move unknown.gif to systemausfall.org
|
||||
- some nice install method
|
||||
|
||||
CODE:
|
||||
- check and improve DEFAULT_HOST
|
||||
- check virtual user testing
|
||||
- implement ldap authorisation
|
||||
|
||||
CSS:
|
||||
- Option for a css-stylesheet
|
||||
- migrate header and footer in ezmlmwebrc to css
|
||||
- improve css-design
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/perl -T
|
||||
#!/usr/bin/perl
|
||||
#===========================================================================
|
||||
# ezmlm-web.cgi - version 2.2 - 26/01/02005
|
||||
# $Id: ezmlm-web.cgi,v 1.3 2000/09/25 19:58:07 guy Exp $
|
||||
|
@ -501,32 +501,38 @@ sub add_address {
|
|||
my ($address, $list, @addresses, $count); my ($listname, $part) = @_;
|
||||
$list = new Mail::Ezmlm($listname);
|
||||
|
||||
if($q->param('addfile')) {
|
||||
if (($q->param('addfile')) && ($FILE_UPLOAD)) {
|
||||
|
||||
# Sanity check
|
||||
die "File upload must be of type text/*" unless($q->uploadInfo($q->param('addfile'))->{'Content-Type'} =~ m{^text/});
|
||||
|
||||
# Handle file uploads of addresses
|
||||
my($fh) = $q->upload('addfile');
|
||||
my($fh) = $q->param('addfile');
|
||||
return unless (defined($fh));
|
||||
while (<$fh>) {
|
||||
next if (/^\s*$/ or /^#/); # blank, comments
|
||||
next unless (/\@/); # email address ...
|
||||
chomp();
|
||||
push @addresses, $_;
|
||||
next if (/^\s*$/ or /^#/); # blank, comments
|
||||
next unless ( /(\w[\-\w_\.]*)@(\w[\-\w_\.]+)/ ); # email address ...
|
||||
chomp();
|
||||
push @addresses, "$_";
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
# User typed in an address
|
||||
return if ($q->param('addsubscriber') eq '');
|
||||
|
||||
$address = $q->param('addsubscriber');
|
||||
$address .= $DEFAULT_HOST if ($q->param('addsubscriber') =~ /\@$/);
|
||||
push @addresses, $address;
|
||||
|
||||
}
|
||||
|
||||
# User typed in an address
|
||||
if ($q->param('addsubscriber') ne '') {
|
||||
|
||||
$address = $q->param('addsubscriber');
|
||||
$address .= $DEFAULT_HOST if ($q->param('addsubscriber') =~ /\@$/);
|
||||
|
||||
# untaint
|
||||
if ($address =~ /(\w[\-\w_\.]*)@(\w[\-\w_\.]+)/) {
|
||||
push @addresses, "$1\@$2";
|
||||
} else {
|
||||
warn "this address ($address) is not valid!";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
foreach $address (@addresses) {
|
||||
|
||||
my($add) = Mail::Address->parse($address);
|
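Review bot: The file-upload loop uses the address regex only as a filter and then pushes the raw line (`push @addresses, "$_";`), so anything else on a matching line — trailing text, a second address, shell metacharacters — reaches `@addresses` unvalidated, and under taint mode `"$_"` would not untaint it either; the typed-address branch below it correctly pushes only the captures. The loop should do the same, `push @addresses, "$1\@$2";`, after which the `chomp()` is unnecessary. The `die` on `Content-Type =~ m{^text/}` checks a client-supplied header, so it is a sanity check rather than a control; the per-line allowlist is what has to hold. Note also that the first hunk of this file drops `-T` from the shebang (if the first printed line is the old one, as in the other pairs in this section), which makes the new `# untaint` comment misleading: with taint mode off that regex is the only validation before `Mail::Address->parse`, whose result is consumed outside the hunk since `add_address` continues past it.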
||||
|
|