]> git.plutz.net Git - clickslide/commitdiff
allow dots in static file names
authorpaul <paul@plutz.net>
Mon, 11 Apr 2016 17:24:21 +0000 (17:24 +0000)
committerpaul <paul@plutz.net>
Mon, 11 Apr 2016 17:24:21 +0000 (17:24 +0000)
svn path=/trunk/; revision=25

index.cgi

index 92ccfd618583b874c3af61879b6b3c6287a2aec8..f35a5bde73275203b6df7eef4bed996166cc46d7 100755 (executable)
--- a/index.cgi
+++ b/index.cgi
@@ -40,7 +40,7 @@ _EXEC="${real%/shcgi/index.cgi}"  #execution directory
 
   PAGE=$(validate   "${PAGE:-${_GET[page]}}"   '[a-zA-Z0-9_-]+' '')
 ACTION=$(validate "${ACTION:-${_GET[action]}}" '[a-zA-Z0-9_-]+' '')
 
   PAGE=$(validate   "${PAGE:-${_GET[page]}}"   '[a-zA-Z0-9_-]+' '')
 ACTION=$(validate "${ACTION:-${_GET[action]}}" '[a-zA-Z0-9_-]+' '')
-STATIC=$(validate "${STATIC:-${_GET[static]}}" '[^\.]+' '')
+STATIC=$(invalidate "${STATIC:-${_GET[static]}}" '(^|.*/)\.\./.*' '')
 
 if   [ -n "$PAGE"   -a -x "${_EXEC}/pages/${PAGE}.sh" ]; then
   . "$_EXEC/shcgi/page.sh"
 
 if   [ -n "$PAGE"   -a -x "${_EXEC}/pages/${PAGE}.sh" ]; then
   . "$_EXEC/shcgi/page.sh"