Commit cbbad8e9 authored by David G Andersen's avatar David G Andersen
Browse files

Fix security bugs in docwrapper

parent fab7641d
......@@ -17,13 +17,13 @@ if (!$printable) {
$first = substr($docname, 0, 1);
if (strcmp($first, ".") == 0 ||
strcmp($first, "/") == 0) {
USERERROR("Invalid document name: $docname!");
USERERROR("Invalid document name: $docname!", 1);
}
#
# Nothing that looks like a ../ is allowed anywhere in the name
#
if (strstr($docname, "../")) {
USERERROR("Invalid document name: $docname!");
USERERROR("Invalid document name: $docname!", 1);
}
if (!$printable) {
......
......@@ -15,13 +15,13 @@ if (!$printable) {
$first = substr($docname, 0, 1);
if (strcmp($first, ".") == 0 ||
strcmp($first, "/") == 0) {
USERERROR("Invalid document name: $docname!");
USERERROR("Invalid document name: $docname!", 1);
}
#
# Nothing that looks like a ../ is allowed anywhere in the name
#
if (strstr($docname, "../")) {
USERERROR("Invalid document name: $docname!");
USERERROR("Invalid document name: $docname!", 1);
}
if (!$printable) {
......
......@@ -17,13 +17,13 @@ if (!$printable) {
$first = substr($docname, 0, 1);
if (strcmp($first, ".") == 0 ||
strcmp($first, "/") == 0) {
USERERROR("Invalid document name: $docname!");
USERERROR("Invalid document name: $docname!", 1);
}
#
# Nothing that looks like a ../ is allowed anywhere in the name
#
if (strstr($docname, "../")) {
USERERROR("Invalid document name: $docname!");
USERERROR("Invalid document name: $docname!", 1);
}
if (!$printable) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment