path: root/main/cups/CVE-2014-2856.patch
blob: 977d2fcafc6faa3453607f1806f85a32a6bf9501 (plain)
Index: scheduler/client.c
===================================================================
--- a/scheduler/client.c	(revision 11597)
+++ b/scheduler/client.c	(working copy)
@@ -3316,6 +3316,14 @@
     return (0);
 
  /*
+  * Check for "<" or quotes in the path and reject since this is probably
+  * someone trying to inject HTML...
+  */
+
+  if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL)
+    return (0);
+
+ /*
   * Check for "/.." in the path...
   */
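Review bot: The added test `if (strchr(path, '<') != NULL || ...)` is a three-character denylist, so it only protects if `path` is already percent-decoded at this point and is never echoed into an HTML context where other characters matter. Neither is visible in the hunk, and the enclosing function starts and ends outside it. I would treat the check as defense in depth, confirm that whatever writes the path into a response HTML-escapes it, and record that in the comment, e.g. `* (path is expected to be URL-decoded here; output escaping is still required where it is echoed)`. The three calls can be collapsed to `if (strpbrk(path, "<\"'") != NULL)`, which also brings the line under 80 columns. The comment opener added before "Check for "/.."" is indented one space instead of two like the surrounding comments.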