
[#21464023] (followup) Security: arbitrary file inclusion

commit a995b2de6d9633af1df41a3a08c1dd60c9abace6 1 parent f89b31c
Clay Fouts ctfliblime authored
Showing with 2 additions and 0 deletions.
  1. +1 −0  help.pl
  2. +1 −0  installer/InstallAuth.pm
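--- a/help.pl
+++ b/help.pl
@@ -19,6 +19,7 @@
 $refer = $query->param('url');
 }
+$refer =~ s{/\.\.}{}g; # untaint
 $refer =~ /.*koha\/(.*)\.pl.*/;
 my $from = "modules/help/$1.tmpl";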
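Review bot: The added `s{/\.\.}{}g` is a single-pass deny-list and is weaker than its `# untaint` comment suggests: deleting a substring can leave a fresh `/..` where the remaining pieces join, a `..` that is not preceded by `/` is untouched, and a substitution never clears Perl's taint flag (only a capture does; the same comment on the `$language` line in installer/InstallAuth.pm has that problem too). The match on the next line is also unchecked, so when `$refer` does not match, the `$1` interpolated into `$from` is whatever an earlier successful match left behind. An allow-list capture closes both gaps, e.g. `my ($page) = $refer =~ m{koha/((?:[\w-]+/)*[\w-]+)\.pl};`, then build `$from` from `$page` and fall back to a fixed default help template when `$page` is undefined. The surrounding code starts and ends outside the hunk, so whether `$refer` can be undefined here cannot be told from this view.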
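--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -109,6 +109,7 @@ sub get_template_and_user {
 my $in = shift;
 my $query = $in->{'query'};
 my $language = $query->cookie('KohaOpacLanguage');
+ $language =~ s/[^\p{IsAlnum}\-_]//g; # untaint
 my $path =
 C4::Context->config('intrahtdocs') . "/prog/"
 . ( $language ? $language : "en" );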
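Review bot: Stripping characters from the `KohaOpacLanguage` cookie removes dots and path separators, but the result is still a client-chosen directory name appended to `intrahtdocs` . `/prog/`, and nothing checks it against the languages actually installed. Rejecting a malformed value is easier to reason about than rewriting it: `my ($language) = ( $query->cookie('KohaOpacLanguage') || '' ) =~ /\A([A-Za-z0-9_-]+)\z/;` in place of the assignment and the added line leaves `$language` undefined for an absent or malformed cookie, so the existing `en` fallback applies. That form also avoids running `s///` on an undefined value when the cookie is missing, and it narrows `\p{IsAlnum}` to the ASCII range language codes use. A `-d` test on `$path` before it is used, falling back to `en`, would cover well-formed but unknown codes. `get_template_and_user` continues past the end of the hunk.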