[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm

www lon-capa-cvs@mail.lon-capa.org
Thu, 17 Jul 2003 15:24:46 -0000


www		Thu Jul 17 11:24:46 2003 EDT

  Modified files:              
    /loncom/auth	lonauth.pm 
  Log:
  Better safe than sorry.
  
  
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.53 loncom/auth/lonauth.pm:1.54
--- loncom/auth/lonauth.pm:1.53	Wed Jul 16 16:42:31 2003
+++ loncom/auth/lonauth.pm	Thu Jul 17 11:24:46 2003
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.53 2003/07/16 20:42:31 www Exp $
+# $Id: lonauth.pm,v 1.54 2003/07/17 15:24:46 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -107,6 +107,12 @@
 	$FORM{'interface'}=$userenv{'interface'};
     }
     $ENV{'environment.remote'}=$userenv{'remote'};
+# --------------- Do not trust query string to be put directly into environment
+    foreach ('imagesuppress','appletsuppress',
+	     'embedsuppress','fontenhance','blackwhite',
+	     'interface','localpath','localres') {
+	$FORM{$_}=~s/[\n\r\=]//gs;
+    }
 # --------------------------------------------------------- Write first profile
 
     {