Lines 756-761
|
756 |
$val =~ s/^\s+//; |
756 |
$val =~ s/^\s+//; |
757 |
$val =~ s/\s+$//; |
757 |
$val =~ s/\s+$//; |
758 |
|
758 |
|
|
|
759 |
if ( $key =~ /^theme$/i ) |
760 |
{ |
761 |
# Themes may only be named using numbers + letters |
762 |
$val =~ tr[A-Za-z0-9]||cd; |
763 |
} |
764 |
|
759 |
# Could cookie traversal cause problems? |
765 |
# Could cookie traversal cause problems? |
760 |
$val = &sanitizePath( $val ); |
766 |
$val = &sanitizePath( $val ); |
761 |
|
767 |
|
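Review bot: The theme allowlist added at new lines 759-763 is repeated verbatim at new lines 838-842, so the cookie path and the parameter path can drift apart on a later edit. A single helper called from both places would keep them in step, for example a new sub (name is a suggestion) whose body is `$v =~ tr/A-Za-z0-9//cd; return $v;`. The guard only fires when `$key` matches `/^theme$/i`, and only `$val` is trimmed in the visible lines, so it is worth confirming that `$key` is normalised the same way before this point; otherwise a key with stray whitespace would skip the filter. Because `tr///cd` deletes characters rather than rejecting the value, a value made up entirely of other characters becomes an empty string, and the code that consumes the theme name (not visible here) should fall back to the default theme in that case. The enclosing subs start and end outside both hunks.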
Lines 829-834
|
829 |
$key = &urlDecode( $key ); |
835 |
$key = &urlDecode( $key ); |
830 |
$val = &urlDecode( $val ); |
836 |
$val = &urlDecode( $val ); |
831 |
|
837 |
|
|
|
838 |
if ( $key =~ /^theme$/i ) |
839 |
{ |
840 |
# Themes may only be named using numbers + letters |
841 |
$val =~ tr[A-Za-z0-9]||cd; |
842 |
} |
843 |
|
832 |
# Avoid "../" attacks in parameter values. |
844 |
# Avoid "../" attacks in parameter values. |
833 |
$val = &sanitizePath( $val ); |
845 |
$val = &sanitizePath( $val ); |
834 |
|
846 |
|