s4
changeset 12:262bbdea72e2
Clear taint flag
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Tue, 21 Jul 2015 08:02:30 +0900 |
parents | 3565d93c2fb1 |
children | f2204bd941d5 |
files | mpsplit.pl |
diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) [+] |
line diff
1.1 --- a/mpsplit.pl Mon Jul 20 18:09:20 2015 +0900 1.2 +++ b/mpsplit.pl Tue Jul 21 08:02:30 2015 +0900 1.3 @@ -1,6 +1,9 @@ 1.4 #!/usr/bin/env perl 1.5 $sep = "--" . $ARGV[0]; 1.6 $dir = ($ARGV[1] || "tmp"); 1.7 +if ($dir =~ /^([^<>\;\&]*)$/) { 1.8 + $dir = $1; 1.9 +} 1.10 1.11 #print "sep=".$sep, "dir=$dir\n"; 1.12 #binmode STDIN; 1.13 @@ -23,7 +26,10 @@ 1.14 $name = $2; 1.15 #print "name=$name\n"; 1.16 if ($header =~ /filename=(['\"]?)(.*?)\1/ && $2 gt "") { 1.17 - $fn = $2; 1.18 + $fn=$2; 1.19 + if ($fn =~ /^([^\/]*)$/) { 1.20 + $fn = $1; 1.21 + } 1.22 open(OUT, ">$dir/$fn"); 1.23 print OUT $body; 1.24 close(OUT);