Update from samosa: Ensure only a valid fingerprint is passed as input

author joey <>

Thu, 18 Nov 2004 13:23:05 +0000 (13:23 +0000)

committer joey <>

Thu, 18 Nov 2004 13:23:05 +0000 (13:23 +0000)
author joey <>
Thu, 18 Nov 2004 13:23:05 +0000 (13:23 +0000)
committer joey <>
Thu, 18 Nov 2004 13:23:05 +0000 (13:23 +0000)
diff --git a/fetchkey.cgi b/fetchkey.cgi

index 11257c5..d2d5881 100755 (executable)
--- a/fetchkey.cgi
+++ b/fetchkey.cgi
@@ -1,6 +1,6 @@
  #!/usr/bin/perl -wT
  
-# $Id: fetchkey.cgi,v 1.3 2004/11/18 14:22:04 joey Exp $
+# $Id: fetchkey.cgi,v 1.4 2004/11/18 14:23:05 joey Exp $
  # (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
  
  use lib '.';
@@ -19,6 +19,8 @@ my $query = new CGI;
  print "Content-type: text/plain\n\n";
  
  my $fp = $query->param('fingerprint');
+$fp =~ /^([A-Fa-f0-9]+)$/;
+$fp = $1;
  
  if ($fp) {
    my $key = &Util::FetchKey($fp, 0);