From: Sven Velt <sven@velt.de>
Date: Tue, 25 May 2010 14:02:50 +0000 (+0200)
Subject: Dots are a security hole in filenames
X-Git-Url: https://git.tokkee.org/?p=nagixsc.git;a=commitdiff_plain;h=d2b71c8b1397d05a7fb4b8ddee6bc434ef09684b

Dots are a security hole in filenames

Signed-off-by: Sven Velt <sven@velt.de>
---

diff --git a/nagixsc_conf2http.py b/nagixsc_conf2http.py
index 3dece81..8738d04 100755
--- a/nagixsc_conf2http.py
+++ b/nagixsc_conf2http.py
@@ -102,7 +102,7 @@ class Conf2HTTPHandler(MyHTTPRequestHandler):
 		if re.search('\.\.', configfile):
 			self.http_error(500, 'Found ".." in config file name')
 			return
-		if not re.search('^[a-zA-Z0-9-_\.]+$', configfile):
+		if not re.search('^[a-zA-Z0-9-_]+$', configfile):
 			self.http_error(500, 'Config file name contains invalid characters')
 			return