[FFmpeg-devel] [PATCH 2/2] report.cgi: Clean chars in time and slot
Michael Niedermayer
michael at niedermayer.cc
Sun Aug 8 15:33:23 EEST 2021
On Sun, Aug 08, 2021 at 01:00:30PM +0100, Derek Buitenhuis wrote:
> On 8/8/2021 9:28 AM, Michael Niedermayer wrote:
> > +$req_slot =~ s/[^-._A-Za-z0-9 ]*//g;
>
> I don't think it is wise to allow periods here, considering
> we use string ops to append it to a dir name just below.
Periods are used for example:
report.cgi?slot=x86_32-debian-kfreebsd-gcc-4.4-cpuflags-0-n2.8&time=20170321202837
>
> .. and we probably should not be using string ops to construct
> directory names.
>
> > +$req_time =~ s/[^0-9]*//g;
>
> We should validate this is an actual time, probably.
sure, but i will leave this to nicolas because he actually knows perl
compared to me
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
No snowflake in an avalanche ever feels responsible. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20210808/ef9431c0/attachment.sig>
More information about the ffmpeg-devel
mailing list