Security patch
Brought to you by:
e4c5
Menu
▾
▴
#1 Security patch
Add regex to secure session id. Because the session id
is used in filenames, the following lines are suggested:
In progress.cgi :
$sessionid = $query->param('sessionid');
> $sessionid =~ s/[^a-zA-Z0-9]//g;
In upload.cgi :
@qstring=split(/&/,$ENV{'QUERY_STRING'});
@p1 = split(/=/,$qstring[0]);
$sessionid = $p1[1];
> $sessionid =~ s/[^a-zA-Z0-9]//g;
Logged In: YES
user_id=943591
this is maybe needed might
help progress to