aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/dirlist.cgi.in
diff options
context:
space:
mode:
authorFumitoshi UKAI <ukai@debian.or.jp>2001-12-21 19:20:45 +0000
committerFumitoshi UKAI <ukai@debian.or.jp>2001-12-21 19:20:45 +0000
commitcb2de722d875d2dca0fa5949cf87a346dd3a8de6 (patch)
tree450ca213ecaaa276500507728a2d890f526740ab /scripts/dirlist.cgi.in
parentSecurity hole in multipart.cgi.in, w3mman2html.cgi.in (diff)
downloadw3m-cb2de722d875d2dca0fa5949cf87a346dd3a8de6.tar.gz
w3m-cb2de722d875d2dca0fa5949cf87a346dd3a8de6.zip
mark insecure
Diffstat (limited to '')
-rwxr-xr-xscripts/dirlist.cgi.in4
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in
index 796bbc4..8f11cdd 100755
--- a/scripts/dirlist.cgi.in
+++ b/scripts/dirlist.cgi.in
@@ -34,7 +34,7 @@ $query = $ENV{'QUERY_STRING'};
$cmd = '';
$cgi = 0;
if ($query eq '') {
- $_ = `pwd`;
+ $_ = `pwd`; # insecure?
chop;
s/\r$//;
$dir = $_;
@@ -54,7 +54,7 @@ if ($query eq '') {
$dir = $query;
if (($dir !~ m@^/@) &&
($WIN32 && $dir !~ /^[a-z]:/i)) {
- $_ = `pwd`;
+ $_ = `pwd`; # insecure?
chop;
s/\r$//;
$dir = "$_/$dir";