*** handler.orig Wed Jul 23 20:49:26 1997 --- handler Wed Jul 23 20:55:25 1997 *************** *** 26,31 **** --- 26,32 ---- $pathRoot = $_[$#_] ; $doc = $ROOT.$PATH ; + $_ = $PATH; &ErrBadPath unless &ValidPath ; # Check for server spoofing #__________________________________________________________ *************** *** 108,113 **** --- 109,117 ---- sub ValidPath { + # suggested by drazvan@kappa.ro + if (/[|;]/) { return '' }; + return 1 unless /\.\./ ; return '' if /^\.\./ ; *************** *** 117,120 **** --- 121,136 ---- return 1 ; } + sub ErrBadPath + { + print <404 Not Found +

404 Not Found

+ The requested URL $PATH was not found on this server.

+ + ENDOFTEXT + + die ; + }