From: paul <paul@plutz.net>
Date: Wed, 28 Mar 2012 01:59:27 +0000 (+0000)
Subject: fixed shellcode injection vulnerability in post data parser
X-Git-Url: http://git.plutz.net/?p=busy;a=commitdiff_plain;h=ce89f2c769bddf901043a998ab13571f1216b8a6

fixed shellcode injection vulnerability in post data parser

svn path=/trunk/; revision=39
---

diff --git a/write/projectmeta.cgi b/write/projectmeta.cgi
index 7f95dfd..215fe45 100755
--- a/write/projectmeta.cgi
+++ b/write/projectmeta.cgi
@@ -26,9 +26,9 @@ $ACL_ADMIN || exit 0
 if [ -n "${CONTENT_LENGTH}" -a "${CONTENT_LENGTH}" -gt 0 ]; then
 (head -c "${CONTENT_LENGTH}"; echo)|sed 's/&/\n/g' \
   |sed -rn '/^((appName|appSlogan|svnRepo|gitRepo|flattrThingURL|paypalAddress|btcAddress)=.*|repoType=(svn|git)|(useFlattr|usePaypal|useBitcoin)=yes)$/{
-            s:\+: :g;s:%:\\x:g;s:^([a-zA-Z0-9_+-]+)=(.*)$:\1='"'\2'"':;p}' \
+            s:\+: :g;s:%:\\x:g;p}' \
   |while line="$(line)"; do
-    eval "$(echo -e "$line" |tr -d '\n\r')"
+    eval "$(echo -e "$line" |sed -r 's:[\n\r'\'']::g;s:^([a-zA-Z0-9_+-]+)=(.*)$:\1='"'\2'"':;')"
   done
 fi