From 37d5a254ab12cdcb23fa10a27f3bf60fd4750eb1 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Thu, 14 Feb 2008 08:27:59 +0000
Subject: [PATCH] Fix XSS

---
 uptracker.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/uptracker.cgi b/uptracker.cgi
index e2cddd881..80a4dac7e 100755
--- a/uptracker.cgi
+++ b/uptracker.cgi
@@ -1,14 +1,14 @@
 #!/usr/local/bin/perl
 # Output Javascript in a loop to track an upload
-# XXX add to more modules
+$trust_unknown_referers = 1;
 
 require './web-lib.pl';
 &init_config();
 do './ui-lib.pl';
 &ReadParse();
 
 $id = $in{'id'};
 $id || &error($text{'uptracker_eid'});
-$id !~ /\.\./ && $id !~ /\0/ || &error($text{'uptracker_eid2'});
+$id =~ /^[a-z0-9_]+$/i || &error($text{'uptracker_eid2'});
 
 &popup_header($text{'uptracker_title'}, undef, "onunload='if (!window.doneupload) { opener.stop() }'");
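Review bot: The new allowlist on the `$id` line still lets a trailing newline through, because `$` matches before a final `\n` as well as at the end of the string; anchoring with `\A` and `\z` closes that gap: `$id =~ /\A[a-z0-9_]+\z/i || &error($text{'uptracker_eid2'});`. The allowlist is the right replacement for the old `..`/NUL blacklist, since the blacklist still admitted quotes, `<`, and path separators in a value that is echoed into the page (and, inferred from the script's purpose, used to locate per-upload state outside the hunk — confirm). The added `$trust_unknown_referers = 1;` turns off Webmin's referer check for this CGI and replaces the old XXX comment without saying why; a one-line comment such as `# Referer check disabled: this popup is opened from the upload form and presumably only reports progress (verify it has no side effects)` would keep a later reader from treating it as a leftover or as a blanket pattern to copy. The script continues past the end of the hunk, so the later uses of `$id` are not visible here.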