changeset 579:6e727ab07c98
Sanitize argument from cgi with numericalize()
author | HIROSE Yuuji <yuuji@gentei.org> |
date | Sat, 15 Jun 2019 14:33:39 +0900 |
parents | c064c7d357dc |
children | a9faeb10a33b |
files | s4-blog.sh |
diffstat | 1 files changed, 6 insertions(+), 5 deletions(-) [+] |
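--- a/s4-blog.sh
+++ b/s4-blog.sh
@@ -649,7 +649,8 @@
 }
 gethandout() {
     # $1=rowid of blog
-    blog_writable $1 $user
+    rid=`numericalize "$1"`
+    blog_writable $rid $user
     rc=$?	# =0: writable, $BLOG_NOTMEM bit set => not member
     if [ $((rc & $BLOG_NOTMEM)) -gt 0 ] ; then
       echo "メンバー以外は利用できません。" | html p; return
@@ -658,7 +659,7 @@
     bd=$tmpd/archive.$$
     mkdir $bd
     query "select m.rowid,author,m.val from article a join article_m m\
-    on a.id=m.id where blogid=(select id from blog where rowid=$1)\
+    on a.id=m.id where blogid=(select id from blog where rowid=$rid)\
     and m.key in ('image', 'document', 'binary');" \
     | while IFS='|' read rowid author filename; do
     err isfilereadable $user article_m $rowid
@@ -986,7 +987,7 @@
 
 blog_addentry() {
     # $1=GRPname(if it is a group)
-    grprowid=$1
+    grprowid=`numericalize $1`
     rowid=`getpar rowid`
     ## err blog_addentry0: rowid=$rowid
     if [ -n "$grprowid" ]; then
@@ -994,7 +995,7 @@
     else
       owner=`getpar owner`
     fi
-    err blog-add: \$1=$1 rowid=$rowid owner=$owner
+    err blog-add: \$1=$grprowid rowid=$rowid owner=$owner
     if isgroup "$owner"; then
       groupmode=1 listing=$owner guide="[${owner}]" GF_OWNER=$owner
     else
@@ -1047,7 +1048,7 @@
 }
 
 blog_reply() {	# Posting to blog article
-    rowid=$1
+    rowid=`numericalize $1`	# Ensure (already purified in s4.cgi)
 
     if [ -z "$rowid" ]; then
       echo "表示する日記番号が未指定です。" | html p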
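Review bot: gethandout has no empty-value check after `rid=`numericalize "$1"``, unlike blog_reply in the last hunk, which guards with `if [ -z "$rowid" ]`. What numericalize returns for a non-numeric CGI value is not visible here; if it yields an empty string, the unquoted `blog_writable $rid $user` passes $user as the first argument and the later `where rowid=$rid)` becomes a SQL syntax error instead of a clean rejection. A guard such as `[ -n "$rid" ] || return` directly after the assignment, plus quoting as `blog_writable "$rid" $user`, keeps the argument positions and the query stable. Quoting is also inconsistent across the hunks: the first passes `numericalize "$1"` while blog_addentry and blog_reply use unquoted `numericalize $1`, which word-splits and globs the value before it is sanitised. The bodies of gethandout and blog_addentry continue outside their hunks.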