From d2b71c8b1397d05a7fb4b8ddee6bc434ef09684b Mon Sep 17 00:00:00 2001 From: Sven Velt Date: Tue, 25 May 2010 16:02:50 +0200 Subject: [PATCH] Dots are a security hole in filenames Signed-off-by: Sven Velt --- nagixsc_conf2http.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nagixsc_conf2http.py b/nagixsc_conf2http.py index 3dece81..8738d04 100755 --- a/nagixsc_conf2http.py +++ b/nagixsc_conf2http.py @@ -102,7 +102,7 @@ class Conf2HTTPHandler(MyHTTPRequestHandler): if re.search('\.\.', configfile): self.http_error(500, 'Found ".." in config file name') return - if not re.search('^[a-zA-Z0-9-_\.]+$', configfile): + if not re.search('^[a-zA-Z0-9-_]+$', configfile): self.http_error(500, 'Config file name contains invalid characters') return -- 2.30.2