bitlair/revbank
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix bug: "undo ?" would undo EVERYTHING.

Browse source 
Reported by qguv.

Cause: user input used in a regex without validation or escaping.
This commit is contained in:
Juerd Waalboer 2015-10-01 15:48:27 +02:00
parent 4b433a15aa
commit 1f658524f0
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
plugins/undo
View file

@ -20,7 +20,7 @@ sub undo {
open my $in, '<', $filename or die "$filename: $!"; open my $in, '<', $filename or die "$filename: $!";
open my $out, '>', "$filename.$$" or die "$filename.$$: $!"; open my $out, '>', "$filename.$$" or die "$filename.$$: $!";
while (defined(my $line = readline $in)) { while (defined(my $line = readline $in)) {
if ($line =~ /^$tid\s/) { if ($line =~ /^\Q$tid\E\s/) {
my (undef, $user, $delta) = split " ", $line; my (undef, $user, $delta) = split " ", $line;
$cart->add($user, $delta, "Undo $tid"); $cart->add($user, $delta, "Undo $tid");
} else { } else {