Bugtraq mailing list archives
Re: PATCH: faxsurvey
From: sirsyko () BLEEP ISHIBOO COM (Sir Syko)
Date: Tue, 4 Aug 1998 13:07:04 -0400
Hi. Here comes the patch for the 'faxsurvey' cgi-script. The problem is the quotation marks for the 'eval' command. Will they ever learn? Don't forget to remove/chown 'faxsurvey.orig' after patching. Cheers Tom
How does your "patch" do anything except break the cgi? You are telling perl to eval the ECHO command which doesn't exist. Also, the quotes still aren't properly terminated.
+eval "ECHO "$QUERY_STRING" | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"
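Review bot: on the added eval line, ECHO has lost its `$`, so the shell looks for a command literally named ECHO rather than the one held in `$ECHO`. The double quotes placed around `$QUERY_STRING` do not nest inside the outer pair; they end the outer string, and since eval parses its argument a second time after expansion, the request data is still read as shell syntax. The sed expression only removes `PATH=...;` assignments, so everything else in the request reaches that second parse. Suggest restoring `$ECHO` and restricting the query string to an allowlist of expected characters before it gets anywhere near eval, or dropping eval from this line entirely.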
Should you not make this:

eval "$ECHO \'$QUERY_STRING\' | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"

which will pass the single quotes to the shell, telling it that this string should be literal? Even better would be to pass the string through a filter that strips nasty characters.

Adam
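The closing suggestion above (filter the string instead of relying on quoting), as an added example that is not part of the original message or of the faxsurvey script. The function names `filter_query` and `get_param`, the allowlist and the sample input are assumptions made for illustration; no eval is used at any point.

```shell
#!/bin/sh
# Added example: allowlist filter for a CGI query string, parsed without eval.
# filter_query, get_param and SAMPLE are hypothetical names, not from faxsurvey.

# Keep only letters, digits and the few separators a simple query string
# needs. Quotes, backticks, $, ;, |, <, >, %, spaces and newlines are dropped.
filter_query() {
    # LC_ALL=C makes the ranges mean plain ASCII bytes.
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9=&._-'
}

# Print the value of parameter $1 from the filtered query string $2.
# The string is split with parameter expansion only, so its content is
# never handed back to the shell parser.
get_param() {
    _rest=$2
    while [ -n "$_rest" ]; do
        _pair=${_rest%%"&"*}              # text up to the first '&'
        case $_rest in
            *"&"*) _rest=${_rest#*"&"} ;; # continue after that '&'
            *)     _rest= ;;              # that was the last pair
        esac
        case $_pair in
            "$1="*) printf '%s' "${_pair#*=}"; return 0 ;;
        esac
    done
    return 1                              # parameter not present
}

# Constructed sample standing in for $QUERY_STRING from the web server.
# Single quotes keep the shell from interpreting it here.
SAMPLE='user=alice&job=42;`date`|"x"'
CLEAN=$(filter_query "$SAMPLE")
printf 'filtered: %s\n' "$CLEAN"
printf 'user:     %s\n' "$(get_param user "$CLEAN")"
printf 'job:      %s\n' "$(get_param job "$CLEAN")"
```

Stripping changes the value silently (the sample's `job` becomes `42datex`); a script that needs exact values can compare the filtered string with the input and refuse the request when they differ.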