From: pcanterino <>
Date: Thu, 6 Jan 2005 14:28:00 +0000 (+0000)
Subject: - Fixed a bug occuring if the "curdir" CGI parameter had no trailing slash and
X-Git-Tag: version_2_3~4
X-Git-Url: https://git.p6c8.net/devedit.git/commitdiff_plain/dff53f21c8fccc7585f785fec893a5773e78a1b6?ds=inline
- Fixed a bug occuring if the "curdir" CGI parameter had no trailing slash and the "newfile" parameter had no leading slash
- On Windows systems it was possible to access the directories above the root directory by accessing a path ending with "..." or "...." and so on
---
diff --git a/devedit.pl b/devedit.pl
index 4ddc9e1..ee4f5fc 100644
--- a/devedit.pl
+++ b/devedit.pl
@@ -60,7 +60,7 @@ my $new_virtual = '';
 if($newfile ne '' && $newfile !~ /^\s+$/)
 {
 $curdir = upper_path($file) if($curdir eq '');
- my $path = $curdir.$newfile;
+ my $path = $curdir.'/'.$newfile;
 # Extract file and directory name...
diff --git a/modules/Tool.pm b/modules/Tool.pm
index e3056c5..dc11571 100644
--- a/modules/Tool.pm
+++ b/modules/Tool.pm
@@ -72,7 +72,7 @@ sub check_path($$)
 # Check if the path is above the root directory
 return if(index($path,$root) != 0);
- return if($first eq $root && $last =~ m!^(/|\\)?\.\.(/|\\)?$!);
+ return if($first eq $root && ($last eq '..' || ($^O eq 'MSWin32' && $last =~ m!^\.\.+$!)));
 # Create short path name
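Review bot: The unconditional `'/'` in `$curdir.'/'.$newfile` yields a doubled separator whenever `curdir` already ends in a slash or `newfile` begins with one, and both values come from CGI parameters. Whether that is harmless depends on code outside this hunk: the prefix test in `check_path` (`index($path,$root) != 0`) compares strings, so the joined path should be in canonical form before it is checked. Trimming the edges first keeps it canonical, e.g. `(my $dir = $curdir) =~ s!/+$!!; (my $name = $newfile) =~ s!^/+!!; my $path = $dir.'/'.$name;`. It is also worth confirming that the joined `$path`, not `$curdir` alone, is what reaches `check_path`, since `newfile` can carry `..` segments of its own; the enclosing `if` block continues past the hunk.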
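Review bot: The new `$last eq '..'` test is stricter in form than the pattern it replaces, which also accepted a leading or trailing `/` or `\`; if `$last` can still arrive with a separator attached (how it is derived is outside this hunk), a `../` directly under the root is no longer rejected. In the Windows branch, `$` also matches before a trailing newline, so `m!^\.\.+\z!` is the tighter anchor. More generally, enumerating dot runs is a denylist: Win32 path normalisation drops trailing spaces as well as trailing dots, so comparing the path against `$root` after resolving it to canonical form would be sturdier than matching on the last component. `check_path` begins and ends outside the hunk.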