Bug 237627: Validate dataset names in reports.cgi

author bugreport%peshkin.net <>

Sat, 10 Jul 2004 15:05:24 +0000 (15:05 +0000)

committer bugreport%peshkin.net <>

Sat, 10 Jul 2004 15:05:24 +0000 (15:05 +0000)
author bugreport%peshkin.net <>
Sat, 10 Jul 2004 15:05:24 +0000 (15:05 +0000)
committer bugreport%peshkin.net <>
Sat, 10 Jul 2004 15:05:24 +0000 (15:05 +0000)
diff --git a/reports.cgi b/reports.cgi

index 2d91ebc6197c013778e22d0ecadeeea721451ada..eb7d5fa303b9052c5ad49e20737084d823b27bbf 100755 (executable)
--- a/reports.cgi
+++ b/reports.cgi
@@ -530,7 +530,7 @@ sub chart_image_name {
      # Instead, just require that each field name consists only of letters
      # and number
  
-    if ($FORM{'datasets'} !~ m/[A-Za-z0-9:]/) {
+    if ($FORM{'datasets'} !~ m/^[A-Za-z0-9:]+$/) {
          die "Invalid datasets $FORM{'datasets'}";
      }
      # Since we pass the tests, consider it OK
author	bugreport%peshkin.net <>
	Sat, 10 Jul 2004 15:05:24 +0000 (15:05 +0000)
committer	bugreport%peshkin.net <>
	Sat, 10 Jul 2004 15:05:24 +0000 (15:05 +0000)