This is an automated email from the ASF dual-hosted git repository. sebb pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/whimsy.git
commit 5d0e0d05156fb011bb679c95b9f76fe35b7ffab6
Author: Sebb <[email protected]>
AuthorDate: Sun Oct 4 15:39:09 2020 +0100
Check input validity
---
www/fundraising/invoice.cgi | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/www/fundraising/invoice.cgi b/www/fundraising/invoice.cgi
index f51b35f..e5c21f8 100755
--- a/www/fundraising/invoice.cgi
+++ b/www/fundraising/invoice.cgi
@@ -471,9 +471,12 @@ _html do
 _p "Wells Fargo Bank"
 end
- @invoice_number.untaint if @invoice_number =~ /^\d+$/
- File.open("#{HISTORY}/#{@invoice_number}", 'w') do |file|
- file.write params.to_yaml
+ if @invoice_number =~ /\A\d+\z/
+ File.open("#{HISTORY}/#{@invoice_number}", 'w') do |file|
+ file.write params.to_yaml
+ end
+ else
+ _p "Invalid invoice number #{@invoice_number}, could not create invoice"
 end
 end
 end
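Review bot: The accepted branch still opens `"#{HISTORY}/#{@invoice_number}"` in `'w'` mode, so a request that repeats an existing number truncates and replaces the stored record for that invoice; if history entries are meant to be immutable, create the file exclusively, e.g. `File.open(path, File::WRONLY | File::CREAT | File::EXCL)`, and report a collision. `\A\d+\z` also puts no upper bound on the length, so a very long digit string reaches `File.open` and fails there with a filesystem error rather than in the new `else` branch; a bounded quantifier such as `\d{1,10}` (limit chosen here for illustration) would keep that case on the validation path. The check sits at the end of the `_html do` block, which starts outside this hunk, so whether the rest of the page has already used the unvalidated number cannot be seen from here. A short comment above the `if`, such as `# digits only, anchored with \A/\z: the value becomes a file name under HISTORY`, would record why the anchors matter.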
