Posted to axkit-dev@xml.apache.org by ma...@sergeant.org on 2006/08/24 15:33:34 UTC
[SVN] [120] Fixup logic, and security hole :-)
Revision: 120
Author: matt
Date: 2006-08-24 13:33:14 +0000 (Thu, 24 Aug 2006)
Log Message:
-----------
Fixup logic, and security hole :-)
Modified Paths:
--------------
trunk/plugins/demo/doc_viewer
Modified: trunk/plugins/demo/doc_viewer
===================================================================
--- trunk/plugins/demo/doc_viewer 2006-08-24 00:06:56 UTC (rev 119)
+++ trunk/plugins/demo/doc_viewer 2006-08-24 13:33:14 UTC (rev 120)
@@ -53,14 +53,20 @@
my $module = $uri;
$uri = "lib/$uri" unless $uri =~ /plugins::/;
$uri =~ s/::/\//g;
- $uri .= '.pm' if -e "${uri}.pm";
- $uri .= '.pod' if -e "${uri}.pod";
- # TODO: fix this huge security hole?
- $uri = `perldoc -l '$module'`;
+ if (-e "${uri}.pm") { $uri .= '.pm' }
+ elsif (-e "${uri}.pod") { $uri .= '.pod' }
+ else {
+ die "Invalid module name: $module" if $module =~ /[^\w:]/;
+ chomp($uri = `perldoc -l '$module'`);
+ }
+ if ($uri !~ /\//) {
+ return NOT_FOUND;
+ }
}
else {
# Ignore?
- die "Unsupported URL: $uri";
+ # die "Unsupported URL: $uri";
+ return NOT_FOUND;
}
my $builder = XML::LibXML::SAX::Builder->new();
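Review bot: The name check on the added line `die "Invalid module name: $module" if $module =~ /[^\w:]/;` runs only in the final `else`, so the two `-e` tests above it still build a filesystem path from a value that has not been validated. Any code after the hunk that opens `$uri` would inherit the same unvalidated path. Validating once, before `$uri` is rewritten, covers all three branches, and an anchored form such as `return NOT_FOUND unless $module =~ /\A\w+(?:::\w+)*\z/;` also rejects a leading `::` and stray single colons, which the character-class test lets through. Returning NOT_FOUND instead of `die` would match how the other failure paths in this hunk respond, and would keep the rejected name out of the error output. The enclosing `if`/`else` starts above the hunk and the origin of `$uri` is not visible here, so confirm that it is request-derived before relying on this.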