author | Kevin P. Fleming <kpfleming@digium.com> | 2005-10-30 16:30:35 +0000 |
---|---|---|
committer | Kevin P. Fleming <kpfleming@digium.com> | 2005-10-30 16:30:35 +0000 |
commit | ccc121825f844532cf8c6ccfe98e16cbb22ed56a (patch) | |
tree | 80bf210bad329f7924e25390480e8a09255c8db4 | |
parent | 06320f579085f53646dd2248dc1e9233a8833e90 (diff) |
protect web form parameters against malicious input
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6896 65c4cc65-6c06-0410-ace0-fbb531ad65f3
-rwxr-xr-x | contrib/scripts/vmail.cgi | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/contrib/scripts/vmail.cgi b/contrib/scripts/vmail.cgi
index 5a428970d..4ac1c8579 100755
--- a/contrib/scripts/vmail.cgi
+++ b/contrib/scripts/vmail.cgi
@@ -545,14 +545,16 @@ _EOH
 sub message_audio() {
 	my ($forcedownload) = @_;
-	my $folder = param('folder');
-	my $msgid = param('msgid');
-	my $mailbox = param('mailbox');
-	my $context = param('context');
+	my $folder = &untaint(param('folder'));
+	my $msgid = &untaint(param('msgid'));
+	my $mailbox = &untaint(param('mailbox'));
+	my $context = &untaint(param('context'));
 	my $format = param('format');
 	if (!$format) {
 		$format = &getcookie('format');
 	}
+	&untaint($format);
+
 	my $path = "/var/spool/asterisk/voicemail/$context/$mailbox/$folder/msg${msgid}.$format";
 	$msgid =~ /^\d\d\d\d$/ || die("Msgid Liar ($msgid)!");
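Review bot: The added `&untaint($format);` is called in void context and its return value is dropped, whereas the four new lines above it assign the result of `&untaint(...)` back into the variable — so unless untaint rewrites its argument in place through `@_` aliasing, `$format` is still the raw query-string or cookie value when it is interpolated into `$path` on the following line. Make it consistent with the other parameters: `$format = &untaint($format);`. untaint's definition is not in this hunk, so it cannot be confirmed here whether it validates the value (rejecting `..`, `/` and the like) or merely clears Perl's taint flag; if it is only a taint strip, `$context`, `$mailbox` and `$folder` still need an anchored whitelist check of the same kind as the existing `$msgid =~ /^\d\d\d\d$/ || die(...)` before `$path` is opened. The body of message_audio continues past the end of the hunk, and the hunk header's line counts suggest a couple of (probably blank) lines are not shown on this page.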