From: Sven Velt
Date: Thu, 27 May 2010 13:29:29 +0000 (+0200)
Subject: 2nd try: Dots are a security hole in file names
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=5f58593585806a3fd9980626d21fff398b366d46;p=nagixsc.git
2nd try: Dots are a security hole in file names
Signed-off-by: Sven Velt
---
diff --git a/nagixsc_conf2http.py b/nagixsc_conf2http.py
index 8738d04..1c5d28f 100755
--- a/nagixsc_conf2http.py
+++ b/nagixsc_conf2http.py
@@ -102,7 +102,7 @@ class Conf2HTTPHandler(MyHTTPRequestHandler):
 if re.search('\.\.', configfile):
 self.http_error(500, 'Found ".." in config file name')
 return
- if not re.search('^[a-zA-Z0-9-_]+$', configfile):
+ if not re.search('^[a-zA-Z0-9-_]+.conf$', configfile):
 self.http_error(500, 'Config file name contains invalid characters')
 return
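Review bot: The unescaped `.` in the new pattern `'^[a-zA-Z0-9-_]+.conf$'` matches any single character, so the check still accepts names where the character before `conf` is not a literal dot, including a path separator, which is the class of input this commit is trying to exclude. In Python `$` also matches just before a trailing newline, so the anchor does not guarantee the name ends at `conf`. I would write the line as `if not re.search(r'^[a-zA-Z0-9_-]+\.conf\Z', configfile):` so that only a literal `.conf` suffix passes and nothing may follow it. The enclosing handler method starts and ends outside this hunk, so how `configfile` is later joined to a directory is not visible here.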