[#21464023] (followup) Security: arbitrary file inclusion

commit 872ca130c9fa3c246c4a3586e905edea8fb94ab0 1 parent ded96d8
@ctfliblime ctfliblime authored
Showing with 4 additions and 2 deletions.
  1. +3 −2 cgi/help.pl
  2. +1 −0  installer/InstallAuth.pm
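--- a/cgi/help.pl
+++ b/cgi/help.pl
@@ -9,7 +9,7 @@
 use C4::Context;
 use CGI;
-my $query = new CGI;
+our $query = CGI->new();
 # find the script that called the online help using the CGI referer()
 our $refer = $query->referer();
@@ -20,10 +20,11 @@
 $refer = $query->param('url');
 }
+$refer =~ s{/\.\.}{}g; # untaint
 $refer =~ /.*koha\/(.*)\.pl.*/;
 my $from = "modules/help/$1.tmpl";
-my $template = gethelptemplate( $from, "intranet" );
+our $template = gethelptemplate( $from, "intranet" );
 # my $template
 output_html_with_http_headers $query, "", $template->output;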
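Review bot: The added `s{/\.\.}{}g` only deletes the literal `/..` sequence, while the capture on the next line, `koha\/(.*)\.pl`, still accepts any characters into `$1`, so the template path is still built from whatever the referer or `url` parameter contained, and `$1` is used on the following line without checking that the match succeeded (a failed match leaves `$1` undefined or stale). A positive, anchored capture that names the allowed characters is a smaller and stronger check than stripping one pattern, e.g. `my ($page) = $refer =~ m{ koha/ ([\w/-]+) \.pl }xms;` followed by `my $from = "modules/help/$page.tmpl";`, with a fallback page or an error response when `$page` is undefined. Under taint mode only a regex capture untaints, so the `# untaint` comment on the substitution is inaccurate; it is the later capture that untaints. The `}` at the start of the hunk closes a block that begins outside it.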
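--- a/installer/InstallAuth.pm
+++ b/installer/InstallAuth.pm
@@ -110,6 +110,7 @@ sub get_template_and_user {
 my $in = shift;
 my $query = $in->{'query'};
 my $language = $query->cookie('KohaOpacLanguage');
+ $language =~ s/[^\p{IsAlnum}\-_]//g; # untaint
 my $path =
 C4::Context->config('intrahtdocs') . "/prog/"
 . ( $language ? $language : "en" );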
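Review bot: `$language` is undefined whenever the `KohaOpacLanguage` cookie is absent, so the added substitution runs on undef and, under `use warnings`, emits an "uninitialized value in substitution" warning before the `? :` fallback to `"en"` is reached. Rejecting a value that contains anything outside the allowed set is also safer than silently rewriting it, and under `-T` only a regex capture actually untaints; both points are covered by replacing the two lines with `my ($language) = ( $query->cookie('KohaOpacLanguage') || '' ) =~ /\A([\p{IsAlnum}\-_]+)\z/;`, which yields undef (and therefore the `"en"` fallback) for an absent, empty or malformed cookie. `get_template_and_user` begins before this hunk and continues after it.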