Add some missing escaping

This commit is contained in:
Jamie Cameron
2017-05-31 14:43:10 -07:00
parent 0d1f01d511
commit 06752583db
17 changed files with 26 additions and 25 deletions


@@ -15,4 +15,4 @@ $bookmarks = &read_file_lines($confdir.'/.bookmarks');
push @$bookmarks, $path; push @$bookmarks, $path;
&flush_file_lines("$confdir/.bookmarks"); &flush_file_lines("$confdir/.bookmarks");
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));


@@ -43,6 +43,6 @@ else {
print_errors(@errors); print_errors(@errors);
} }
else { else {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
} }


@@ -42,6 +42,6 @@ else {
print_errors(@errors); print_errors(@errors);
} }
else { else {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
} }


@@ -74,5 +74,5 @@ if($in{'applyto'} eq '5') {
if (scalar(@errors) > 0) { if (scalar(@errors) > 0) {
print_errors(@errors); print_errors(@errors);
} else { } else {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }


@@ -7,7 +7,7 @@ require './filemin-lib.pl';
get_paths(); get_paths();
if(!$in{'owner'} or !$in{'group'}) { if(!$in{'owner'} or !$in{'group'}) {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
(my $login, my $pass, my $uid, my $gid) = getpwnam($in{'owner'}); (my $login, my $pass, my $uid, my $gid) = getpwnam($in{'owner'});
@@ -37,6 +37,6 @@ if (scalar(@errors) > 0) {
if (scalar(@errors) > 0) { if (scalar(@errors) > 0) {
print_errors(@errors); print_errors(@errors);
} else { } else {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
} }
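Review bot: The early guard `if(!$in{'owner'} or !$in{'group'})` sends the redirect, but nothing visible in the hunk stops the script afterwards, so a request with a missing owner or group appears to fall through to `getpwnam($in{'owner'})` and the ownership change that follows. Unless `redirect` itself terminates the script (not shown on this page), the guard should end with `exit;` right after the `&redirect(...)` call. The same pattern appears in the `if(!$in{'arch'})` and `if(!$in{'name'})` guards in later file sections. The code between the two hunks is not visible here, so confirm there is no later check that covers this.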


@@ -5,7 +5,7 @@ require './filemin-lib.pl';
get_paths(); get_paths();
if(!$in{'arch'}) { if(!$in{'arch'}) {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
my $command; my $command;
@@ -26,4 +26,4 @@ foreach my $name(split(/\0/, $in{'name'}))
system_logged($command); system_logged($command);
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));


@@ -46,4 +46,4 @@ print &ui_hidden('path', $path);
print &ui_form_end([ [ save, $text{'save'} ] ]); print &ui_form_end([ [ save, $text{'save'} ] ]);
&ui_print_footer("index.cgi?path=$path", $text{'previous_page'}); &ui_print_footer("index.cgi?path=".&urlize($path), $text{'previous_page'});


@@ -16,4 +16,4 @@ foreach $name (split(/\0/, $in{'name'})) {
close($fh); close($fh);
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));


@@ -16,4 +16,4 @@ foreach $name (split(/\0/, $in{'name'})) {
close($fh); close($fh);
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));


@@ -16,5 +16,5 @@ foreach $name (split(/\0/, $in{'name'})) {
if (scalar(@errors) > 0) { if (scalar(@errors) > 0) {
print_errors(@errors); print_errors(@errors);
} else { } else {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }


@@ -55,4 +55,4 @@ print "<script type='text/javascript'>\$(document).ready( function() { change('"
. $in{'file'} . $in{'file'}
. "'); });</script>"; . "'); });</script>";
&ui_print_footer( "index.cgi?path=$path", $text{'previous_page'} ); &ui_print_footer( "index.cgi?path=".&urlize($path), $text{'previous_page'} );
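Review bot: `$in{'file'}` is concatenated unescaped into the inline `<script>` string literal directly above the footer call, and this escaping pass leaves that line untouched. A file name containing a quote or a closing script tag would end the `change('...')` argument early, so the value needs encoding for a JavaScript string embedded in HTML before it is printed. If this tree provides Webmin's `quote_javascript` helper, the concatenation could become `. &quote_javascript($in{'file'})`. The `print` statement begins above the hunk, so the rest of it should be checked for the same issue.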


@@ -13,7 +13,7 @@ $archive_type = mimetype($cwd.'/'.$in{'file'});
if ( index( $archive_type, "x-bzip" ) != -1 ) { if ( index( $archive_type, "x-bzip" ) != -1 ) {
&backquote_logged( "tar xvjfp " . quotemeta("$cwd/$in{'file'}") . " -C " . quotemeta($cwd) ); &backquote_logged( "tar xvjfp " . quotemeta("$cwd/$in{'file'}") . " -C " . quotemeta($cwd) );
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
elsif (index( $archive_type, "x-tar" ) != -1 elsif (index( $archive_type, "x-tar" ) != -1
|| index( $archive_type, "/gzip" ) != -1 || index( $archive_type, "/gzip" ) != -1
@@ -21,19 +21,19 @@ elsif (index( $archive_type, "x-tar" ) != -1
|| index( $archive_type, "x-compressed-tar" ) != -1 ) || index( $archive_type, "x-compressed-tar" ) != -1 )
{ {
&backquote_logged( "tar xfp " . quotemeta("$cwd/$in{'file'}") . " -C " . quotemeta($cwd) ); &backquote_logged( "tar xfp " . quotemeta("$cwd/$in{'file'}") . " -C " . quotemeta($cwd) );
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
elsif ( index( $archive_type, "x-7z" ) != -1 ) { elsif ( index( $archive_type, "x-7z" ) != -1 ) {
&backquote_logged( "7z x " . quotemeta("$cwd/$in{'file'}") . " -o" . quotemeta($cwd) ); &backquote_logged( "7z x " . quotemeta("$cwd/$in{'file'}") . " -o" . quotemeta($cwd) );
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
elsif ( index( $archive_type, "/zip" ) != -1 ) { elsif ( index( $archive_type, "/zip" ) != -1 ) {
&backquote_logged( "unzip " . quotemeta("$cwd/$in{'file'}") . " -d " . quotemeta($cwd) ); &backquote_logged( "unzip " . quotemeta("$cwd/$in{'file'}") . " -d " . quotemeta($cwd) );
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
elsif ( index( $archive_type, "/x-rar" ) != -1 ) { elsif ( index( $archive_type, "/x-rar" ) != -1 ) {
&backquote_logged( "unrar x -r -y " . quotemeta("$cwd/$in{'file'}") . " " . quotemeta($cwd) ); &backquote_logged( "unrar x -r -y " . quotemeta("$cwd/$in{'file'}") . " " . quotemeta($cwd) );
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
elsif ( index( $archive_type, "/x-rpm" ) != -1 || index( $archive_type, "/x-deb" ) != -1 ) { elsif ( index( $archive_type, "/x-rpm" ) != -1 || index( $archive_type, "/x-deb" ) != -1 ) {
my $dir = fileparse( "$cwd/$name", qr/\.[^.]*/ ); my $dir = fileparse( "$cwd/$name", qr/\.[^.]*/ );
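Review bot: Every extraction branch builds a shell command string and relies on `quotemeta` to protect `"$cwd/$in{'file'}"`, but `quotemeta` is a regex-escaping function, not a shell quoter. For example, a newline in the name becomes backslash-newline, which the shell drops as a line continuation, so the command would act on a different path than the one that was type-checked by `mimetype`. Prefer a dedicated shell-quoting helper, or an execution path that passes the program and its arguments as a list so that no shell parses them. Separately, the identical `&redirect(...)` in each branch could be issued once after the `if`/`elsif` chain; the chain continues past the end of this hunk.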


@@ -40,6 +40,6 @@ if ($cwd eq $from) {
if (scalar(@errors) > 0) { if (scalar(@errors) > 0) {
print_errors(@errors); print_errors(@errors);
} else { } else {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
} }


@@ -4,7 +4,7 @@ require './filemin-lib.pl';
&ReadParse(); &ReadParse();
if(!$in{'name'}) { if(!$in{'name'}) {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} }
get_paths(); get_paths();
@@ -12,7 +12,7 @@ if (-e "$cwd/$in{'name'}") {
print_errors("$in{'name'} $text{'error_exists'}"); print_errors("$in{'name'} $text{'error_exists'}");
} else { } else {
if(&rename_file($cwd.'/'.$in{'file'}, $cwd.'/'.$in{'name'})) { if(&rename_file($cwd.'/'.$in{'file'}, $cwd.'/'.$in{'name'})) {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} else { } else {
print_errors("$text{'error_rename'} $in{'file'}: $!"); print_errors("$text{'error_rename'} $in{'file'}: $!");
} }
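Review bot: The first redirect in this file runs inside the `if(!$in{'name'})` guard, which sits before `get_paths();`, so `$path` is probably still unset when `&urlize($path)` is evaluated. The other scripts in this commit call `get_paths()` before their guards, which suggests that is where `$path` is populated. If so, the redirect goes to `index.cgi?path=` with an empty value; moving `get_paths();` above the guard would fix that.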


@@ -23,4 +23,4 @@ open(BOOK, ">", "$confdir/.bookmarks") or $info = $!;
print BOOK $bookmarks; print BOOK $bookmarks;
close BOOK; close BOOK;
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));


@@ -21,7 +21,8 @@ if ( $in{'encoding'} && lc( $in{'encoding'} ) ne "utf-8" ) {
&close_tempfile(SAVE); &close_tempfile(SAVE);
if ($in{'save_close'}) { if ($in{'save_close'}) {
&redirect("index.cgi?path=$path"); &redirect("index.cgi?path=".&urlize($path));
} else { } else {
&redirect("edit_file.cgi?path=$path&file=$in{'file'}"); &redirect("edit_file.cgi?path=".&urlize($path).
"&file=".&urlize($in{'file'}));
} }


@@ -25,4 +25,4 @@ if($in{'caseins'}) {
print_interface(); print_interface();
&ui_print_footer("index.cgi?path=$path", $text{'previous_page'}); &ui_print_footer("index.cgi?path=".&urize($path), $text{'previous_page'});
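Review bot: The new footer line calls `&urize($path)`, which looks like a misspelling of `&urlize`; every other call site in this commit uses `&urlize`. Unless a sub named `urize` is defined elsewhere, Perl will die with an undefined-subroutine error when this line runs, after `print_interface()` has already produced output. The line should read `&ui_print_footer("index.cgi?path=".&urlize($path), $text{'previous_page'});`.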