From bc75095a9ac7988f2bb29e9043be089d4e4c5cd2 Mon Sep 17 00:00:00 2001
From: Mark Spencer <markster@digium.com>
Date: Thu, 22 May 2003 04:50:53 +0000
Subject: [PATCH] Fix vmail "taint" issue

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@1051 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 contrib/scripts/vmail.cgi | 6 ++++++
 vmail.cgi                 | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/contrib/scripts/vmail.cgi b/contrib/scripts/vmail.cgi
index cd519d7017..fb22f116e6 100755
--- a/contrib/scripts/vmail.cgi
+++ b/contrib/scripts/vmail.cgi
@@ -600,6 +600,12 @@ sub message_rename()
 	my ($context, $mbox, $oldfolder, $old, $newfolder, $new) = @_;
 	my $oldfile, $newfile;
 	return if ($old eq $new) && ($oldfolder eq $newfolder);
+
+        if ($context =~ /^(\w+)$/) {
+                $context = $1;
+        } else {
+                die("Invalid Context<BR>\n");
+        }
 	
 	if ($mbox =~ /^(\w+)$/) {
 		$mbox = $1;
diff --git a/vmail.cgi b/vmail.cgi
index cd519d7017..fb22f116e6 100755
--- a/vmail.cgi
+++ b/vmail.cgi
@@ -600,6 +600,12 @@ sub message_rename()
 	my ($context, $mbox, $oldfolder, $old, $newfolder, $new) = @_;
 	my $oldfile, $newfile;
 	return if ($old eq $new) && ($oldfolder eq $newfolder);
+
+        if ($context =~ /^(\w+)$/) {
+                $context = $1;
+        } else {
+                die("Invalid Context<BR>\n");
+        }
 	
 	if ($mbox =~ /^(\w+)$/) {
 		$mbox = $1;
-- 
GitLab