kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 20:20:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

protect web form parameters against malicious input

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6896 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Kevin P. Fleming
2005-10-30 16:30:35 +00:00
parent 06320f5790
commit ccc121825f
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
contrib/scripts/vmail.cgi
View File

@@ -545,14 +545,16 @@ _EOH
sub message_audio()
{
my ($forcedownload) = @_;
my $folder = param('folder');
my $msgid = param('msgid');
my $mailbox = param('mailbox');
my $context = param('context');
my $folder = &untaint(param('folder'));
my $msgid = &untaint(param('msgid'));
my $mailbox = &untaint(param('mailbox'));
my $context = &untaint(param('context'));
my $format = param('format');
if (!$format) {
$format = &getcookie('format');
}
&untaint($format);
my $path = "/var/spool/asterisk/voicemail/$context/$mailbox/$folder/msg${msgid}.$format";
$msgid =~ /^\d\d\d\d$/ || die("Msgid Liar ($msgid)!");