Changeset 1953

Timestamp:

11/21/04 23:16:11 (20 years ago)

Author:

jalet

Message:

Added some kind of protection against bad guys

Files:

• pykota/trunk/bin/pkmail (modified) (2 diffs)

pykota/trunk/bin/pkmail

@@ -24 +24 @@
 #
 # $Log$
+# Revision 1.2  2004/11/21 22:16:11  jalet
+# Added some kind of protection against bad guys
+#
 # Revision 1.1  2004/11/21 21:50:03  jalet
 # Introduced the new pkmail command as a simple email gateway
@@ -108 +111 @@
             raise PyKotaToolError, "No command found !"
         
-        self.logdebug("Launching internal command '%s' with arguments %s" % (command, arguments))
-        cmdfunc = getattr(self, "cmd%s" % command, self.cmdDefault)
-        result = cmdfunc(arguments)
+        badchars = """/<>&"'#!%*$,;\\"""
+        cheatmeonce = 0
+        for c in "".join(arguments) :
+            if c in badchars :
+                cheatmeonce = 1
+            
+        if cheatmeonce :    
+            self.logdebug("Possible intruder at %s : %s" % (useremail, str(arguments)))
+            result = "Either you mistyped your command, or you're a bad guy !"
+        else :
+            self.logdebug("Launching internal command '%s' with arguments %s" % (command, str(arguments)))
+            cmdfunc = getattr(self, "cmd%s" % command, self.cmdDefault)
+            result = cmdfunc(arguments)
         
         self.logdebug("Sending answer to : %s" % useremail)