From 54702c4d832bdcb24f24852a96d5336e5adca75a Mon Sep 17 00:00:00 2001
From: Fumitoshi UKAI <ukai@debian.or.jp>
Date: Fri, 21 Dec 2001 18:33:41 +0000
Subject: Security hole in multipart.cgi.in, w3mman2html.cgi.in From: Hironori
 Sakamoto <h-saka@lsi.nec.co.jp>

---
 scripts/w3mman/w3mman2html.cgi.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'scripts/w3mman')

diff --git a/scripts/w3mman/w3mman2html.cgi.in b/scripts/w3mman/w3mman2html.cgi.in
index 68f318a..6786928 100644
--- a/scripts/w3mman/w3mman2html.cgi.in
+++ b/scripts/w3mman/w3mman2html.cgi.in
@@ -31,7 +31,7 @@ Content-Type: text/html
 <h2>man -k <b>$k</b></h2>
 <ul>
 EOF
-    $keyword =~ s:([^\w./]):\\$1:g;
+    $keyword =~ s:([^-\w\200-\377.,])::g;
     open(F, "$MAN -k $keyword 2> /dev/null |");
     @line = ();
     while(<F>) {
@@ -82,8 +82,8 @@ if ($man =~ s/\((\w+)\)$//) {
   $man_section = "$man";
 }
 
-$section =~ s:([^\w./]):\\$1:g;
-$man =~ s:([^\w./]):\\$1:g;
+$section =~ s:([^-\w\200-\377.,])::g;
+$man =~ s:([^-\w\200-\377.,])::g;
 open(F, "$MAN $section $man 2> /dev/null |");
 $ok = 0;
 undef $header;
-- 
cgit v1.2.3