Posted to commits@whimsical.apache.org by se...@apache.org on 2020/10/04 14:39:22 UTC
[whimsy] 05/05: Check input validity
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
commit 5d0e0d05156fb011bb679c95b9f76fe35b7ffab6
Author: Sebb <se...@apache.org>
AuthorDate: Sun Oct 4 15:39:09 2020 +0100
Check input validity
---
www/fundraising/invoice.cgi | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/www/fundraising/invoice.cgi b/www/fundraising/invoice.cgi
index f51b35f..e5c21f8 100755
--- a/www/fundraising/invoice.cgi
+++ b/www/fundraising/invoice.cgi
@@ -471,9 +471,12 @@ _html do
_p "Wells Fargo Bank"
end
- @invoice_number.untaint if @invoice_number =~ /^\d+$/
- File.open("#{HISTORY}/#{@invoice_number}", 'w') do |file|
- file.write params.to_yaml
+ if @invoice_number =~ /\A\d+\z/
+ File.open("#{HISTORY}/#{@invoice_number}", 'w') do |file|
+ file.write params.to_yaml
+ end
+ else
+ _p "Invalid invoice number #{@invoice_number}, could not create invoice"
end
end
end
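Review bot: The new guard `@invoice_number =~ /\A\d+\z/` puts no upper bound on the number of digits, so an over-long all-digit value passes the check and would presumably make `File.open` raise rather than reach the `else` branch; a bounded form such as `/\A\d{1,10}\z/` (limit constructed here, pick the real maximum) keeps that failure on the handled path. The file is still opened with `'w'`, which truncates an existing history record with the same number; if re-issuing an invoice is not intended, exclusive creation (`'wx'`) would refuse instead of overwriting. The `else` branch interpolates the rejected value into the page, so it depends on `_p` escaping its text; worth a one-line comment saying so, e.g. `# value is untrusted; relies on _p escaping its text`. The enclosing `_html do` block starts outside the hunk, and from the context line it looks as if the check runs after the invoice body has been emitted, so an invalid number may still produce a rendered invoice followed by the error line.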