File: 05dirtraversal.dpatch

package info (click to toggle)
sql-ledger 2.4.7-2sarge1
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 1,836 kB
  • ctags: 6
  • sloc: sh: 1,207; perl: 124; makefile: 69
file content (35 lines) | stat: -rw-r--r-- 1,168 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#! /bin/sh -e
##
## All lines beginning with `## DP:' are a description of the patch.
##
## DP: Fix directory traversal bug.

[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch}"

if [ $# -ne 1 ]; then
    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
    exit 1
fi
case "$1" in
       -patch)   ( cd BUILD/sql-ledger && patch $patch_opts -p3 ) < $0 ;;
       -unpatch) ( cd BUILD/sql-ledger && patch $patch_opts -p3 -R ) < $0 ;;
        *)
                echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
                exit 1;;
esac

exit 0
@DPATCH@
diff -Nru /tmp/P47HhTUMbJ/sql-ledger-2.6.18/login.pl /tmp/iMvQ6ZGqR0/sql-ledger-2.6.19/login.pl
--- /tmp/P47HhTUMbJ/sql-ledger-2.6.18/login.pl	2005-10-28 18:38:31.000000000 +0200
+++ /tmp/iMvQ6ZGqR0/sql-ledger-2.6.19/login.pl	2006-09-11 22:13:58.000000000 +0200
@@ -111,6 +111,8 @@
 
 
   if ($form{terminal}) {
+    $form{terminal} =~ s/%2f/\//gi;
+    $form{terminal} =~ s/\.\.\///g;
 
     $ARGV[0] = "path=bin/$form{terminal}&script=$script";
     map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form;