tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2013-10-10 Ramon Novoa <rnovoa@artica.es> 

* src/expand_command.cc: Improved injection detection. Thanks to
	  Robert van Hamburg (xistence) for finding the vulnerability.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8884 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2013-10-10 10:30:10 +00:00
parent 202ccfc37d
commit 02380b76d8
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
extras/anytermd/ChangeLog
View File

@ -1,3 +1,8 @@
2013-10-10 Ramon Novoa <rnovoa@artica.es>
* src/expand_command.cc: Improved injection detection. Thanks to
Robert van Hamburg (xistence) for finding the vulnerability.
2013-10-10 Ramon Novoa <rnovoa@artica.es> 2013-10-10 Ramon Novoa <rnovoa@artica.es>
* src/expand_command.cc, * src/expand_command.cc,

6
extras/anytermd/src/expand_command.cc
View File

@ -25,8 +25,10 @@ using namespace std;
string safe_param (string param) string safe_param (string param)
{ {
// Remove leading backticks // Remove leading backticks and blanks
while (!param.empty() && param.at(0) == '`') { while (!param.empty() && (param.at(0) == '`' ||
param.at(0) == '\t'||
param.at(0) == ' ')) {
param.erase(0); param.erase(0);
} }