Security check needs to happen after the eval, so that its matching

variable side-effects don't hurt us.
dmose%mozilla.org 2000-05-12 17:51:00 +00:00
parent 08a59eeda9
commit b34de55811


@ -400,9 +400,9 @@ my $opt_subdir;
foreach my $option (split(/&/, $query_string)) {
die("command $opt_command: garbled option $option\n")
if ($option !~ /^([^=]+)=(.*)/);
eval('$opt_' . $1 . '=' . SqlQuote($2));
die("bogus characters in options")
if ($option !~ /^[\w\-\.\+\/\,\:\=]+$/ );
eval('$opt_' . $1 . '=' . SqlQuote($2));
}
if (defined($opt_branch) && $opt_branch eq 'HEAD' ) { $opt_branch = ''; }
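Review bot: With the order the commit title describes, the string `eval` that follows the `garbled option` check runs on `$1` and `$2` before the `bogus characters` test has examined `$option`, so that test no longer guards the eval: the option name matched by `[^=]+` comes from the query string and is interpolated into evaluated Perl code unvalidated, and a bad request is rejected only after the assignment has already executed. The capture-clobbering problem can be fixed without reordering by copying the captures right after the first match, `my ($name, $value) = ($1, $2);`, keeping the character check ahead of the eval, and building the assignment from the copies, `eval('$opt_' . $name . '=' . SqlQuote($value));`. Restricting `$name` to `/^\w+$/`, or to the set of `$opt_` variables declared above this hunk, would remove the dependence on the broader character class for the name part. `SqlQuote` is defined outside the hunk, so whether its quoting is safe inside a Perl expression rather than an SQL statement cannot be confirmed from here. The rendered page has lost its `+`/`-` markers, so which of the two `eval` lines is the new one is taken from the commit title.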