Posted to commits@whimsical.apache.org by se...@apache.org on 2020/10/04 14:39:22 UTC

[whimsy] 05/05: Check input validity

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git

commit 5d0e0d05156fb011bb679c95b9f76fe35b7ffab6
Author: Sebb <se...@apache.org>
AuthorDate: Sun Oct 4 15:39:09 2020 +0100

    Check input validity
---
 www/fundraising/invoice.cgi | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/www/fundraising/invoice.cgi b/www/fundraising/invoice.cgi
index f51b35f..e5c21f8 100755
--- a/www/fundraising/invoice.cgi
+++ b/www/fundraising/invoice.cgi
@@ -471,9 +471,12 @@ _html do
         _p "Wells Fargo Bank"
       end
 
-      @invoice_number.untaint if @invoice_number =~ /^\d+$/
-      File.open("#{HISTORY}/#{@invoice_number}", 'w') do |file|
-        file.write params.to_yaml
+      if @invoice_number =~ /\A\d+\z/
+        File.open("#{HISTORY}/#{@invoice_number}", 'w') do |file|
+          file.write params.to_yaml
+        end
+      else
+        _p "Invalid invoice number #{@invoice_number}, could not create invoice"
       end
     end
   end
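Review bot: The validated `@invoice_number` is still used to open the history file with mode `'w'`, so a resubmitted or duplicated invoice number silently overwrites whatever `params.to_yaml` was stored for that number before; the commit fixes the validation (`\A`/`\z` anchoring replaces the per-line `^`/`$` match) but adds no overwrite check. If one history record per number is the intent, opening with `File::WRONLY | File::CREAT | File::EXCL` (or testing `File.exist?` first and reporting the collision with `_p`) would make a clash visible instead of losing the earlier record; if re-saving the same invoice is expected, a short comment saying so at the `File.open` line would settle it. Also, when `@invoice_number` is nil or empty the new message reads "Invalid invoice number , could not create invoice"; `_p "Invalid invoice number #{@invoice_number.inspect}, could not create invoice"` keeps the bad value visible. The enclosing `_html do` block starts outside the hunk.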