(parent:
b8a9753
)
Prevent bad redirect URL
author
Jamie Cameron
<jcameron@webmin.com>
Sun, 20 Dec 2009 01:31:11 +0000
(17:31 -0800)
committer
Jamie Cameron
<jcameron@webmin.com>
Sun, 20 Dec 2009 01:31:11 +0000
(17:31 -0800)
miniserv.pl
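--- a/miniserv.pl
+++ b/miniserv.pl
@@ -3554,6 +3554,10 @@ if ($ok && (!$expired ||
 $prot = $ssl ? "https" : "http";
 local $sec = $ssl ? "; secure" : "";
 #$sec .= "; httpOnly";
+ if ($in{'page'} !~ /^\/[A-Za-z0-9\/\.\-\_]+$/) {
+ # Make redirect URL safe
+ $in{'page'} = "/";
+ }
 if ($in{'save'}) {
 &write_data("Set-Cookie: $sidname=$sid; path=/; expires=\"Thu, 31-Dec-2037 00:00:00\"$sec\r\n");
 }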
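Review bot: The new pattern on `$in{'page'}` ends in `$`, which in Perl also matches just before a trailing newline, and its character class admits `/` right after the leading slash, so a value ending in a line feed or starting with `//` still passes the check. Whether either matters depends on how the redirect header is built, which is not visible in this hunk; if the value is ever written into a `Location:` line without a fixed scheme and host in front of it, a `//`-prefixed value would be treated as a different host. Anchoring with `\A` and `\z` and refusing a second slash covers both cases: `if ($in{'page'} !~ /\A\/(?!\/)[A-Za-z0-9\/\.\-\_]+\z/) {`. The enclosing `if ($ok && ...)` block starts and ends outside the hunk.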