Added ; check in cleaning function to help prevent injection attacks

bluesaxman 2021-05-07 14:50:23 -06:00
parent 3b487967dc
commit f121eff48b


@ -35,9 +35,9 @@ sub soft_die {
sub clean_input {
my $input = shift;
unless ($input) { return ""; }
if ($input =~ m!%2F!) { print "Location: /hax\r\n\r\n"; exit; }
$input =~ s!%(..)!chr hex $1!ge;
$input =~ s!\+! !g;
$input =~ s!;!\;!g; #antivaxx
return $input;
}
@ -55,9 +55,9 @@ if ( "rand" eq $directive ) {
$sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT 1');
} elsif ( "range" eq $directive ) {
# select range starting with lastest as 1
my $low = $get_params[0];
my $high = $get_params[1];
$sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT '.$low.', '.$high);
my $start = $get_params[0];
my $count = $get_params[1];
$sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT '.$start.', '.$count);
} else {
# select the last 10 posts
$sth = $db->prepare('SELECT * FROM posts ORDER BY DATE DESC LIMIT 10');
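Review bot: The range branch still concatenates `$get_params[0]` and `$get_params[1]` into the string passed to `prepare`; renaming the variables to `$start` and `$count` does not change that, so the LIMIT clause takes whatever text those parameters hold. The new substitution in `clean_input`, `s!;!\;!g`, does not help: the replacement side is interpolated like a double-quoted string, where `\;` is just `;`, so each semicolon is rewritten to itself, and a backslash before a semicolon would not be SQL escaping anyway. I would validate both values before the prepare, for example `unless ($start =~ /\A\d+\z/ and $count =~ /\A\d+\z/) { print "Location: /hax\r\n\r\n"; exit; }`, or switch the statement to `LIMIT ?, ?` with the two values bound as integers at execute time. The if/elsif chain starts and ends outside the hunk, so it is not visible here whether `@get_params` has passed through `clean_input` at all.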