[sword-svn] r2311 - trunk/utilities/diatheke/cgi
benpmorgan at crosswire.org
benpmorgan at crosswire.org
Thu Apr 9 00:10:50 MST 2009
Author: benpmorgan
Date: 2009-04-09 00:10:50 -0700 (Thu, 09 Apr 2009)
New Revision: 2311
Modified:
trunk/utilities/diatheke/cgi/diatheke.pl
Log:
Fix big security hole that was reported a long time ago
Modified: trunk/utilities/diatheke/cgi/diatheke.pl
===================================================================
--- trunk/utilities/diatheke/cgi/diatheke.pl 2009-04-09 06:11:34 UTC (rev 2310)
+++ trunk/utilities/diatheke/cgi/diatheke.pl 2009-04-09 07:10:50 UTC (rev 2311)
@@ -138,8 +138,7 @@
$range = $mydata;
$range =~ tr/+/ /;
$range =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
- $range = "-r \"$range\"";
- $range = shell_escape($range);
+ $range = "-r '" . shell_escape($range) . "'";
}
elsif ($varname eq "strongs") {
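Review bot: The added line `$range = "-r '" . shell_escape($range) . "'";` is only safe if `shell_escape` handles a single quote correctly, and its definition is not visible in this hunk. Inside single quotes a POSIX shell does not treat backslash as an escape character, so if `shell_escape` works by prefixing metacharacters with `\`, a `'` in the percent-decoded value would still end the quoted string. I would make the quoting self-contained on this line, for example `$range =~ s/'/'\\''/g; $range = "-r '$range'";`, or reject any `range` value that fails an anchored allowlist of the characters a verse reference can contain. The enclosing `if`/`elsif` chain and the place where the command line is executed are outside the hunk; if the other parameters are quoted the same way they need the same check, and passing the arguments in list form, without a shell, would remove the quoting problem altogether.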