From 5f58593585806a3fd9980626d21fff398b366d46 Mon Sep 17 00:00:00 2001
From: Sven Velt
Date: Thu, 27 May 2010 15:29:29 +0200
Subject: [PATCH] 2nd try: Dots are a security hole in file names

Signed-off-by: Sven Velt
---
 nagixsc_conf2http.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nagixsc_conf2http.py b/nagixsc_conf2http.py
index 8738d04..1c5d28f 100755
--- a/nagixsc_conf2http.py
+++ b/nagixsc_conf2http.py
@@ -102,7 +102,7 @@ class Conf2HTTPHandler(MyHTTPRequestHandler):
 if re.search('\.\.', configfile):
 self.http_error(500, 'Found ".." in config file name')
 return
- if not re.search('^[a-zA-Z0-9-_]+$', configfile):
+ if not re.search('^[a-zA-Z0-9-_]+.conf$', configfile):
 self.http_error(500, 'Config file name contains invalid characters')
 return

--
2.30.2
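Review bot: The `.` before `conf` in the new pattern is unescaped, so it matches any single character rather than a literal dot. A name such as `abc/conf` or `abcXconf` therefore passes the allow-list, and a path separator in that position is exactly what this check is meant to exclude. `$` also accepts a trailing newline, so the name is not anchored as tightly as it looks. I would write the check as `if not re.search(r'^[a-zA-Z0-9_-]+\.conf\Z', configfile):`, with the hyphen moved to the end of the class so it cannot be read as a range. The enclosing handler method starts and ends outside the hunk, so how `configfile` is joined to a directory afterwards is not visible here and should be checked against the same assumption.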