From a9565954c9a772f5ddb2bda827a76c2cadb83bee Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Marchal?=
Date: Fri, 7 May 2010 07:13:58 +0000
Subject: [PATCH] Strengthen the making of the report file name to drastically limit the characters from the user ID that can appear in the file name. The presence of an unescaped backquote in the user ID would execute the rest of the name as a shell command (fixes bug #2997707 reported by anonymous).
---
 CMakeLists.txt | 2 +-
 ChangeLog | 4 +++-
 include/info.h | 2 +-
 userinfo.c | 9 ++++-----
 4 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 08b35be..501b555 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ PROJECT(sarg C)
 SET(sarg_VERSION 2)
 SET(sarg_REVISION "3-pre2")
 SET(sarg_BUILD "")
-SET(sarg_BUILDDATE "May-03-2010")
+SET(sarg_BUILDDATE "May-07-2010")
 INCLUDE(AddFileDependencies)
 INCLUDE(CheckIncludeFile)
diff --git a/ChangeLog b/ChangeLog
index 2b65641..b3ebb0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
 SARG ChangeLog
-May-3-2009 Version 2.3-pre2
+May-07-2009 Version 2.3-pre2
 - LDAP usertab added. Now you can have your users in a LDAP Server. Use these tags in sarg.conf: LDAPHost, LDAPPort, LDAPBindDN, LDAPBindPW,
@@ -24,6 +24,8 @@ May-3-2009 Version 2.3-pre2
 - Use the word "Redirector" instead of mentioning explicitly squidGuard in the reports as at least Rejik is compatible with sarg (thanks to Maxim Britov).
 - The date range passed as argument is not restricted to the actual range covered by the log files any more.
 - Fix the exclusion of status codes to exclude more than one code.
+ - Accept date ranges for -d command line option as day-n, week-n and month-n where n is the number of backward days, weeks and months to report.
+ - Strengthen the making of the report file name to drastically limit the characters from the user ID that can appear in the file name. The presence of an unescaped backquote in the user ID would execute the rest of the name as a shell command (fixes bug #2997707 reported by anonymous).
 Feb-10-2010 Version 2.2.7.1
 - Fixed compilation error reported by some compilers due to an sizeof in a fprintf (thanks to Maxim Britov and Renato Botelho).
diff --git a/include/info.h b/include/info.h
index 3cd0074..2437074 100755
--- a/include/info.h
+++ b/include/info.h
@@ -1,3 +1,3 @@
-#define VERSION PACKAGE_VERSION" May-03-2010"
+#define VERSION PACKAGE_VERSION" May-07-2010"
 #define PGM PACKAGE_NAME
 #define URL "http://sarg.sourceforge.net"
diff --git a/userinfo.c b/userinfo.c
index cbafa29..fb664d7 100644
--- a/userinfo.c
+++ b/userinfo.c
@@ -82,15 +82,14 @@ struct userinfostruct *userinfo_create(const char *userid)
 skip=0;
 for(i=0 ; userid[i] && ifilename[i]=userid[i];
+ skip=0;
+ } else {
 if (!skip) {
 user->filename[i]='_';
 skip=1;
 }
- } else {
- user->filename[i]=userid[i];
- skip=0;
 }
 }
 user->filename[i]='\0';
-- 
2.47.2
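Review bot: Switching to an accept-list makes the user ID to file name mapping many-to-one, so two distinct IDs that differ only in rejected characters (for example `a.b` and `a,b`, both collapsing to `a_b`) now share a report file and the later one silently overwrites or merges the earlier; the caller of userinfo_create should detect that collision (compare against the names already allocated, or append a counter when the sanitized name is taken) instead of relying on the sanitized name being unique. The accepting condition and the loop bound are not visible in this hunk — the text between `userid[i] && i` and `filename[i]=userid[i]` appears to have been lost in extraction — so the bound against the size of `user->filename` and the exact accepted set should be confirmed in the tree. The character restriction is a mitigation for a name that is later handed to a shell; the durable fix is to build that command without a shell (an `execv`-style argument vector), and in the meantime the loop deserves a comment stating why it exists, such as `/* filename is interpolated into a shell command elsewhere: keep the accepted set minimal */`. userinfo_create starts before this hunk.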