Item561: viewfile taint issues highlight un-validated parameters
git-svn-id: http://svn.foswiki.org/trunk@1567 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
SvenDowideit authored and SvenDowideit committed Dec 24, 2008
1 parent 19b42df commit 1e66fc4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/lib/Foswiki/UI/View.pm
Expand Up @@ -434,7 +434,7 @@ sub viewfile {
my $fileName;
unless (defined($ENV{REDIRECT_STATUS}) && defined($ENV{REQUEST_URI})) {
if ( defined( $query->param('filename') ) ) {
$fileName = Foswiki::Sandbox::untaint($query->param('filename'), \&Foswiki::Sandbox::validateWebName);
$fileName = Foswiki::Sandbox::normalizeFileName($query->param('filename'));
} else {
my $pathInfo = Foswiki::Sandbox::normalizeFileName($query->path_info());
$pathInfo =~ s|//*|/|g; #stop the simplistic parsing from barfing on //
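Review bot: In the `if ( defined( $query->param('filename') ) )` branch, the two `$fileName =` assignments apply different checks (`untaint(..., \&Foswiki::Sandbox::validateWebName)` versus `normalizeFileName(...)`), and neither the commit message nor the code says why one replaces the other or what the chosen function guarantees about `$fileName`. Add a one-line comment at the assignment stating what is rejected (for example, whether `..` components and leading separators can still reach the attachment lookup), and a unit test for `viewfile` that passes such a `filename` value. Separately, `$query->param('filename')` sits in list context as a function argument; if `param` returns every value of a repeated parameter there, the extra values become extra arguments to the sandbox function, so `scalar $query->param('filename')` would be the safer form. The +/- markers are missing from this rendering, so which of the two assignment lines is the addition cannot be read from the page itself.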
