Fix XSS

2026-03-20 08:40:24 +00:00 · 2008-02-14 08:27:59 +00:00
parent 7e72a67822
commit 37d5a254ab
1 changed files with 2 additions and 2 deletions
--- a/uptracker.cgi
+++ b/uptracker.cgi
@@ -1,14 +1,14 @@
 #!/usr/local/bin/perl
 # Output Javascript in a loop to track an upload
-# XXX add to more modules

+$trust_unknown_referers = 1;
 require './web-lib.pl';
 &init_config();
 do './ui-lib.pl';
 &ReadParse();
 $id = $in{'id'};
 $id || &error($text{'uptracker_eid'});
-$id !~ /\.\./ && $id !~ /\0/ || &error($text{'uptracker_eid2'});
+$id =~ /^[a-z0-9_]+$/i || &error($text{'uptracker_eid2'});

 &popup_header($text{'uptracker_title'}, undef,
 	      "onunload='if (!window.doneupload) { opener.stop() }'");