Fix vmail "taint" issue

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@1051 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/contrib/scripts/vmail.cgi b/contrib/scripts/vmail.cgi
index cd519d7..fb22f11 100755 (executable)
--- a/contrib/scripts/vmail.cgi
+++ b/contrib/scripts/vmail.cgi
@@ -600,6 +600,12 @@ sub message_rename()
        my ($context, $mbox, $oldfolder, $old, $newfolder, $new) = @_;
        my $oldfile, $newfile;
        return if ($old eq $new) && ($oldfolder eq $newfolder);
+
+        if ($context =~ /^(\w+)$/) {
+                $context = $1;
+        } else {
+                die("Invalid Context<BR>\n");
+        }
        
        if ($mbox =~ /^(\w+)$/) {
                $mbox = $1;

diff --git a/vmail.cgi b/vmail.cgi
index cd519d7..fb22f11 100755 (executable)
--- a/vmail.cgi
+++ b/vmail.cgi
@@ -600,6 +600,12 @@ sub message_rename()
        my ($context, $mbox, $oldfolder, $old, $newfolder, $new) = @_;
        my $oldfile, $newfile;
        return if ($old eq $new) && ($oldfolder eq $newfolder);
+
+        if ($context =~ /^(\w+)$/) {
+                $context = $1;
+        } else {
+                die("Invalid Context<BR>\n");
+        }
        
        if ($mbox =~ /^(\w+)$/) {
                $mbox = $1;