From ccc121825f844532cf8c6ccfe98e16cbb22ed56a Mon Sep 17 00:00:00 2001
From: "Kevin P. Fleming"
Date: Sun, 30 Oct 2005 16:30:35 +0000
Subject: protect web form parameters against malicious input

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6896 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 contrib/scripts/vmail.cgi | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'contrib')
diff --git a/contrib/scripts/vmail.cgi b/contrib/scripts/vmail.cgi
index 5a428970d..4ac1c8579 100755
--- a/contrib/scripts/vmail.cgi
+++ b/contrib/scripts/vmail.cgi
@@ -545,14 +545,16 @@ _EOH
 sub message_audio()
 {
 my ($forcedownload) = @_;
- my $folder = param('folder');
- my $msgid = param('msgid');
- my $mailbox = param('mailbox');
- my $context = param('context');
+ my $folder = &untaint(param('folder'));
+ my $msgid = &untaint(param('msgid'));
+ my $mailbox = &untaint(param('mailbox'));
+ my $context = &untaint(param('context'));
 my $format = param('format');
 if (!$format) {
 $format = &getcookie('format');
 }
+ &untaint($format);
+
 my $path = "/var/spool/asterisk/voicemail/$context/$mailbox/$folder/msg${msgid}.$format";
 
 $msgid =~ /^\d\d\d\d$/ || die("Msgid Liar ($msgid)!");
-- 
cgit v1.2.3
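Review bot: The added `&untaint($format);` discards its return value, while the four parameters above it keep the result of `&untaint(...)`, so `$format` (taken from the request or from a cookie) may be interpolated into `$path` unchanged. `untaint` is defined outside this hunk; unless it dies on bad input or rewrites its argument in place, the line should read `$format = &untaint($format);`. Because all five values become path components under /var/spool/asterisk/voicemail, it is also worth confirming that the helper rejects path separators and `..` segments. `message_audio` continues past the end of the hunk.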