These instances of code similar to OVE-
20170111-0001 are not believed
to be exploitable, because defined(), length(), setpassword(),
userinfo_set() and the binary "." operator all have prototypes that
force the relevant argument to be evaluated in scalar context. However,
using a safer idiom makes mistakes less likely.
return;
}
elsif ($form->submitted eq 'Save Preferences' && $form->validate) {
return;
}
elsif ($form->submitted eq 'Save Preferences' && $form->validate) {
- if (defined $form->field('email')) {
- userinfo_set($user_name, 'email', $form->field('email')) ||
+ my $email = $form->field('email');
+ if (defined $email) {
+ userinfo_set($user_name, 'email', $email) ||
error("failed to set email");
}
error("failed to set email");
}
+ my $content = $form->field('editcontent');
$form->field(name => 'editcontent',
$form->field(name => 'editcontent',
- value => $form->field('editcontent')."\n\n".$add,
+ value => $content."\n\n".$add,
force => 1) if length $add;
}
force => 1) if length $add;
}
$filename=IkiWiki::basename($filename);
$filename=~s/.*\\+(.+)/$1/; # hello, windows
$filename=IkiWiki::possibly_foolish_untaint(linkpage($filename));
$filename=IkiWiki::basename($filename);
$filename=~s/.*\\+(.+)/$1/; # hello, windows
$filename=IkiWiki::possibly_foolish_untaint(linkpage($filename));
- my $dest=attachment_holding_location($form->field('page'));
+ my $dest=attachment_holding_location(scalar $form->field('page'));
# Check that the user is allowed to edit the attachment.
my $final_filename=
linkpage(IkiWiki::possibly_foolish_untaint(
# Check that the user is allowed to edit the attachment.
my $final_filename=
linkpage(IkiWiki::possibly_foolish_untaint(
- attachment_location($form->field('page')))).
+ attachment_location(scalar $form->field('page')))).
$filename;
eval {
if (IkiWiki::file_pruned($final_filename)) {
$filename;
eval {
if (IkiWiki::file_pruned($final_filename)) {
# Move attachments out of holding directory.
my @attachments;
# Move attachments out of holding directory.
my @attachments;
- my $dir=attachment_holding_location($form->field('page'));
+ my $dir=attachment_holding_location(scalar $form->field('page'));
foreach my $filename (glob("$dir/*")) {
$filename=Encode::decode_utf8($filename);
next unless -f $filename;
my $destdir=$config{srcdir}."/".
linkpage(IkiWiki::possibly_foolish_untaint(
foreach my $filename (glob("$dir/*")) {
$filename=Encode::decode_utf8($filename);
next unless -f $filename;
my $destdir=$config{srcdir}."/".
linkpage(IkiWiki::possibly_foolish_untaint(
- attachment_location($form->field('page'))));
+ attachment_location(scalar $form->field('page'))));
my $destfile=IkiWiki::basename($filename);
my $dest=$destdir.$destfile;
unlink($dest);
my $destfile=IkiWiki::basename($filename);
my $dest=$destdir.$destfile;
unlink($dest);
}
elsif ($form->submitted eq 'Create Account') {
my $email = $form->field('email');
}
elsif ($form->submitted eq 'Create Account') {
my $email = $form->field('email');
+ my $password = $form->field('password');
+
if (IkiWiki::userinfo_setall($user_name, {
'email' => $email,
'regdate' => time})) {
if (IkiWiki::userinfo_setall($user_name, {
'email' => $email,
'regdate' => time})) {
- setpassword($user_name, $form->field('password'));
+ setpassword($user_name, $password);
$form->field(name => "confirm_password", type => "hidden");
$form->field(name => "email", type => "hidden");
$form->text(gettext("Account creation successful. Now you can Login."));
$form->field(name => "confirm_password", type => "hidden");
$form->field(name => "email", type => "hidden");
$form->text(gettext("Account creation successful. Now you can Login."));
elsif ($form->title eq "preferences") {
if ($form->submitted eq "Save Preferences" && $form->validate) {
my $user_name=$form->field('name');
elsif ($form->title eq "preferences") {
if ($form->submitted eq "Save Preferences" && $form->validate) {
my $user_name=$form->field('name');
- if (defined $form->field("password") && length $form->field("password")) {
- setpassword($user_name, scalar $form->field('password'));
+ my $password=$form->field('password');
+ if (defined $password && length $password) {
+ setpassword($user_name, $password);