Commit e67d5115 authored by Xavier Guimard's avatar Xavier Guimard

Little security (#1448)

parent ba17ea84
...@@ -47,7 +47,8 @@ sub getStatus { ...@@ -47,7 +47,8 @@ sub getStatus {
if ( $statusOut = if ( $statusOut =
IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) ) IO::Socket::INET->new( Proto => 'udp', LocalPort => $_ ) )
{ {
$args = ' host=' . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_"; $args =
' host=' . ( $ENV{LLNGSTATUSCLIENT} || 'localhost' ) . ":$_";
last; last;
} }
} }
...@@ -57,6 +58,11 @@ sub getStatus { ...@@ -57,6 +58,11 @@ sub getStatus {
} }
return $class->abort( $req, "$class: status page can not be displayed" ) return $class->abort( $req, "$class: status page can not be displayed" )
unless ( $statusPipe and $statusOut ); unless ( $statusPipe and $statusOut );
my $q = $req->{env}->{QUERY_STRING} || '';
if ( $q =~ /\s/ ) {
$class->logger->error("Bad characters in query");
return $class->FORBIDDEN;
}
$statusPipe->print( $statusPipe->print(
"STATUS " . ( $req->{env}->{QUERY_STRING} || '' ) . "$args\n" ); "STATUS " . ( $req->{env}->{QUERY_STRING} || '' ) . "$args\n" );
my $buf; my $buf;
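Review bot: The new check validates `$q`, but the `$statusPipe->print` call right after it still re-reads `$req->{env}->{QUERY_STRING}`, so the checked value and the value written to the pipe are not tied together. Writing `"STATUS " . $q . "$args\n"` would send exactly what was validated. The test is also a denylist: `/\s/` presumably stops a query from adding a second line or an extra space-separated field to the STATUS command. The receiving parser is not visible here, so an anchored allowlist of the characters it actually expects would be the stricter guard and is worth confirming against that parser. The `"Bad characters in query"` log entry carries no client address, which makes rejected requests hard to correlate during triage. If the query is ever added to that message, it should be sanitised first. getStatus begins and ends outside this hunk.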
......