Changeset 1953

Show
Ignore:
Timestamp:
11/21/04 23:16:11 (20 years ago)
Author:
jalet
Message:

Added some kind of protection against bad guys

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • pykota/trunk/bin/pkmail

    r1952 r1953  
    2424# 
    2525# $Log$ 
     26# Revision 1.2  2004/11/21 22:16:11  jalet 
     27# Added some kind of protection against bad guys 
     28# 
    2629# Revision 1.1  2004/11/21 21:50:03  jalet 
    2730# Introduced the new pkmail command as a simple email gateway 
     
    108111            raise PyKotaToolError, "No command found !" 
    109112         
    110         self.logdebug("Launching internal command '%s' with arguments %s" % (command, arguments)) 
    111         cmdfunc = getattr(self, "cmd%s" % command, self.cmdDefault) 
    112         result = cmdfunc(arguments) 
     113        badchars = """/<>&"'#!%*$,;\\""" 
     114        cheatmeonce = 0 
     115        for c in "".join(arguments) : 
     116            if c in badchars : 
     117                cheatmeonce = 1 
     118             
     119        if cheatmeonce :     
     120            self.logdebug("Possible intruder at %s : %s" % (useremail, str(arguments))) 
     121            result = "Either you mistyped your command, or you're a bad guy !" 
     122        else : 
     123            self.logdebug("Launching internal command '%s' with arguments %s" % (command, str(arguments))) 
     124            cmdfunc = getattr(self, "cmd%s" % command, self.cmdDefault) 
     125            result = cmdfunc(arguments) 
    113126         
    114127        self.logdebug("Sending answer to : %s" % useremail)