changeset 205:e0ef0f218600

Updated CGI script a little
author Steve Kemp <steve@steve.org.uk>
date Mon, 14 Apr 2008 19:07:05 +0100
parents 1d4f3be0e000
children ea4f503f58cc
files cgi-bin/comments.cgi
diffstat 1 files changed, 10 insertions(+), 7 deletions(-) [+]
--- a/cgi-bin/comments.cgi	Mon Apr 14 19:04:14 2008 +0100
+++ b/cgi-bin/comments.cgi	Mon Apr 14 19:07:05 2008 +0100
@@ -35,7 +35,10 @@
 
 
 #
-#  The directory to store comments in
+#  The directory to store comments in.
+#
+# NOTE:  This should be writeable to the www-data user, and shouldn't
+#        be inside your web-root - or you open up a security hole.
 #
 # my $COMMENT = "/home/www/comments/";
 #
@@ -53,12 +56,12 @@
 #  Get the parameters from the request.
 #
 my $cgi  = new CGI();
-my $name = $cgi->param('name') || undef;
-my $mail = $cgi->param('mail') || undef;
-my $body = $cgi->param('body') || undef;
-my $id   = $cgi->param('id') || undef;
+my $name = $cgi->param('name')    || undef;
+my $mail = $cgi->param('mail')    || undef;
+my $body = $cgi->param('body')    || undef;
+my $id   = $cgi->param('id')      || undef;
 my $cap  = $cgi->param('captcha') || undef;
-my $ajax = $cgi->param("ajax") || 0;
+my $ajax = $cgi->param("ajax")    || 0;
 
 
 #
@@ -136,7 +139,7 @@
 #  Open the file.
 #
 my $file = $COMMENT . "/" . $id . "." . $timestr;
-$file =~ s/[ \t]//g;
+$file =~ s/[^a-z0-9]/_/gi;
 
 open( FILE, ">", $file );
 print FILE "Name: $name\n";
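Review bot: The new substitution on `$file =~ s/[^a-z0-9]/_/gi;` runs over the whole assembled path, so the `/` separators from `$COMMENT . "/"` and the `.` before `$timestr` are rewritten to `_` as well, and the comment is written to a flat name like `_home_www_comments__...` relative to the CGI's working directory rather than into the comments directory. Only the request-supplied part needs sanitising, and it should happen before the path is built: `( my $safe_id = $id ) =~ s/[^a-z0-9]/_/gi;` followed by `my $file = $COMMENT . "/" . $safe_id . "." . $timestr;`. Since `$timestr` is built outside the hunk, it is worth checking that it cannot contain path characters either. The `open( FILE, ">", $file )` on the following line is still unchecked, so a failure to create the file (for example because the directory does not exist after this change) is silent; at minimum `or die "open $file: $!"` would surface it.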