comparison contrib/web/php-admin/htdocs/save.php @ 783:a50b8ab11d28

Validate input in php-admin to avoid altering arbitrary files (Florian Streibelt, Morten Shearman Kirkegaard)
author Ben Schmidt
date Sun, 21 Nov 2010 00:25:20 +1100
parents 6d354f3a8d90
children d92234debf5c
718:edfd37c7ec4c 783:a50b8ab11d28
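--- a/contrib/web/php-admin/htdocs/save.php
+++ b/contrib/web/php-admin/htdocs/save.php
@@ -77,10 +77,19 @@
 $list = $HTTP_POST_VARS["list"];
 
 if(!isset($list))
 die("no list specified");
 
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
 if(!is_dir($topdir."/".$list))
 die("non-existent list");
 
 $tpl->define(array("main" => "save.html"));
 $tpl->assign(array("LIST" => htmlentities($list)));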
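Review bot: An empty list name still gets through the three new checks: `""` is set, contains no slash, is neither `.` nor `..`, and `is_dir($topdir."/")` is true for the base directory itself, so the script continues with `$list` pointing at `$topdir` rather than a list subdirectory; what the later save code then does with that is outside this hunk. Rather than enumerating bad values, an allowlist rejects this and every other odd name in one place: `if (!is_string($list) || !preg_match('/^[A-Za-z0-9_.-]+$/', $list) || $list == "." || $list == "..") die("invalid list name");`. The `is_string` part also covers a `list[]=x` POST, which would otherwise hand an array to `strchr`/`is_dir` and only produce warnings. Note too that `is_dir` follows symlinks, so the check proves the target is a directory, not that it lives under `$topdir`; the allowlist makes that moot since no separator can appear. The rest of save.php that consumes `$list` continues below this hunk.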