[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm
www
lon-capa-cvs@mail.lon-capa.org
Thu, 17 Jul 2003 15:24:46 -0000
www Thu Jul 17 11:24:46 2003 EDT
Modified files:
/loncom/auth lonauth.pm
Log:
Better safe than sorry.
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.53 loncom/auth/lonauth.pm:1.54
--- loncom/auth/lonauth.pm:1.53 Wed Jul 16 16:42:31 2003
+++ loncom/auth/lonauth.pm Thu Jul 17 11:24:46 2003
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.53 2003/07/16 20:42:31 www Exp $
+# $Id: lonauth.pm,v 1.54 2003/07/17 15:24:46 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -107,6 +107,12 @@
$FORM{'interface'}=$userenv{'interface'};
}
$ENV{'environment.remote'}=$userenv{'remote'};
+# --------------- Do not trust query string to be put directly into environment
+ foreach ('imagesuppress','appletsuppress',
+ 'embedsuppress','fontenhance','blackwhite',
+ 'interface','localpath','localres') {
+ $FORM{$_}=~s/[\n\r\=]//gs;
+ }
# --------------------------------------------------------- Write first profile
{