Security check needs to happen after the eval, so that its matching
variable side-effects don't hurt us.
parent
08a59eeda9
commit
b34de55811
@ -400,9 +400,9 @@ my $opt_subdir;
|
||||
foreach my $option (split(/&/, $query_string)) {
|
||||
die("command $opt_command: garbled option $option\n")
|
||||
if ($option !~ /^([^=]+)=(.*)/);
|
||||
eval('$opt_' . $1 . '=' . SqlQuote($2));
|
||||
die("bogus characters in options")
|
||||
if ($option !~ /^[\w\-\.\+\/\,\:\=]+$/ );
|
||||
eval('$opt_' . $1 . '=' . SqlQuote($2));
|
||||
}
|
||||
|
||||
if (defined($opt_branch) && $opt_branch eq 'HEAD' ) { $opt_branch = ''; }
|
||||
|
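Review bot: With the `eval` placed ahead of the character whitelist (the order the commit message describes; the +/- markers are lost on this page), text from `$query_string` reaches a string `eval` before anything has validated it, and `$1` (the option name, matched only by `[^=]+`) is concatenated into the evaluated code with no quoting at all. The capture-clobbering problem can be fixed without giving up validate-then-use: save the captures right after the first match with `my ($name, $value) = ($1, $2);`, keep the `die("bogus characters in options")` check next, and only then run `eval('$opt_' . $name . '=' . SqlQuote($value));`. Checking `$name` against a fixed list of known option names (or at least `/^\w+$/`) before it is used would be safer still and would allow a plain hash assignment instead of string eval; the eval's outcome in `$@` is also never inspected. `SqlQuote` and the `$opt_*` declarations sit outside the hunk, so their behaviour is assumed here.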