bitlair/revbank
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SECURITY: fix arbitrary code injection in recent transactions list.

Browse source
This commit is contained in:
Juerd Waalboer 2015-10-20 22:12:37 +02:00
parent 1f658524f0
commit 863e4f6e91
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
plugins/users
View file

@ -46,7 +46,7 @@ sub recent {
my ($n, $u) = @_; my ($n, $u) = @_;
$n += 0; $n += 0;
print "Last $n transactions for $u:\n"; print "Last $n transactions for $u:\n";
system "perl -lane'lc(\$F[3]) eq lc('\Q$u\E') or next; s/CHECKOUT\\s+\\S+\\s+\\S+\\s+// or next; s/ #// or next; s/_/ /; print' .revbank.log | tail -n$n"; system "perl -lane'lc(\$F[3]) eq lc(q[\Q$u\E]) or next; s/CHECKOUT\\s+\\S+\\s+\\S+\\s+// or next; s/ #// or next; s/_/ /; print' .revbank.log | tail -n$n";
} }
sub balance { sub balance {