Fixed a grave security issue

This commit is contained in:
Stefan Ritter 2009-07-21 17:27:23 +02:00
parent 6203534223
commit 479e4490bc

View File

@ -123,9 +123,15 @@ except: errorpage("newest_first")
# Read POST Variables
action = cgi.FieldStorage()
month_display = action.getvalue('m')
static_display = action.getvalue('s')
if static_display: static_display = re.sub('/', '', static_display)
post_display = action.getvalue('p')
if post_display: post_display = re.sub(' ', '-', post_display)
if post_display:
post_display = re.sub(' ', '-', post_display)
post_display = re.sub('/', '', post_display)
allentries_display = action.getvalue('a')
feed_display = action.getvalue('feed')
if not month_display: month_display = ""