(-)gnump3d-orig (+12 lines)
Lines 756-761 Link Here
756
			$val =~ s/^\s+//;
756
			$val =~ s/^\s+//;
757
			$val =~ s/\s+$//;
757
			$val =~ s/\s+$//;
758
758
759
			if ( $key =~ /^theme$/i )
760
			{
761
			    # Themes may only be named using numbers + letters
762
			    $val =~ tr[A-Za-z0-9]||cd;
763
			}
764
759
			# Could cookie traversal cause problems?
765
			# Could cookie traversal cause problems?
760
			$val = &sanitizePath( $val );
766
			$val = &sanitizePath( $val );
761
767
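Review bot: In the new `if ( $key =~ /^theme$/i )` block of the cookie path, `$val =~ tr[A-Za-z0-9]||cd;` silently deletes disallowed characters instead of rejecting the value, so a theme cookie of `../../x` is rewritten to `x`, and a value made up only of disallowed characters becomes the empty string. Nothing in the visible lines handles either outcome. Consider testing the value against `/^[A-Za-z0-9]+$/` and discarding the cookie when it does not match, or at least checking for an empty `$val` after the `tr` and falling back to a default theme. The comment would also be more useful if it said why the restriction exists, since the unchanged `# Could cookie traversal cause problems?` line below it shows path traversal is the concern here.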
Lines 829-834 Link Here
829
			$key = &urlDecode( $key );
835
			$key = &urlDecode( $key );
830
			$val = &urlDecode( $val );
836
			$val = &urlDecode( $val );
831
837
838
			if ( $key =~ /^theme$/i )
839
			{
840
			    # Themes may only be named using numbers + letters
841
			    $val =~ tr[A-Za-z0-9]||cd;
842
			}
843
832
			# Avoid "../" attacks in parameter values.
844
			# Avoid "../" attacks in parameter values.
833
			$val = &sanitizePath( $val );
845
			$val = &sanitizePath( $val );
834
846
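Review bot: The five lines added after `$val = &urlDecode( $val );` are a verbatim copy of the theme block added in the cookie hunk at new lines 759-763, which leaves two places to keep in step if the allowed character set ever changes. Move the check into one small helper called from both the cookie and the parameter path. The placement after `urlDecode` is correct and deserves a one-line comment, so that a later edit does not move the filter ahead of decoding and have it run on the still-encoded value. The set in `tr[A-Za-z0-9]||cd` also drops `-` and `_`, so the naming restriction should be documented wherever theme names are described, not only in this code comment.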

Return to bug 111990