comparison contrib/web/php-admin/htdocs/edit.php @ 783:a50b8ab11d28

Validate input in php-admin to avoid altering arbitrary files (Florian Streibelt, Morten Shearman Kirkegaard)
author Ben Schmidt
date Sun, 21 Nov 2010 00:25:20 +1100
parents 6d354f3a8d90
children d92234debf5c
718:edfd37c7ec4c 783:a50b8ab11d28
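--- a/contrib/web/php-admin/htdocs/edit.php
+++ b/contrib/web/php-admin/htdocs/edit.php
@@ -102,10 +102,19 @@
 $list = $HTTP_GET_VARS["list"];
 
 if(!isset($list))
 die("no list specified");
 
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
 
 $tpl->define(array("main" => "edit.html",
 "boolean" => "edit_boolean.html",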
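Review bot: An empty list name still passes every one of the new checks on new lines 107–114: `isset("")` is true, an empty string contains no slash and is neither `.` nor `..`, and `is_dir($topdir."/")` then succeeds on the top directory itself, so a request with `?list=` selects `$topdir` as the list instead of being rejected. An explicit `if ($list === "") die("empty list name");` closes that hole; a stricter allowlist such as `if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $list)) die("invalid list name");` would cover it together with backslashes and NUL bytes, which the slash-only blacklist does not reject, though whether list directories can legitimately start with a dot is not visible here and would need checking before adopting it. `$list` may also arrive as an array via `?list[]=x`; the `strchr()` call appears to reject that only as a side effect of a warning and a non-`false` return, so an `is_string($list)` test ahead of the checks would make the intent explicit. The statement run continues past the hunk — the `$tpl->define()` call is cut off at the end.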