This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new db45ee1d Check syntax
db45ee1d is described below
commit db45ee1dd4b1d225dcfd59d52716b52cc51439d9
Author: Sebb <[email protected]>
AuthorDate: Mon Oct 28 08:35:13 2024 +0000
Check syntax
---
www/board_minutes.cgi | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/www/board_minutes.cgi b/www/board_minutes.cgi
index 715616fb..c0af3be7 100755
--- a/www/board_minutes.cgi
+++ b/www/board_minutes.cgi
@@ -24,10 +24,12 @@ TAIL = """<p>Generated dynamically by Whimsy</p>
</body>
</html>"""
+MINUTES_RE = r'board_minutes_\d\d\d\d_\d\d_\d\d\.txt'
+
def minutes(path):
"""Return sorted list of minute base names"""
for file in sorted(os.listdir(path)):
- if (re.fullmatch(r'board_minutes_\d\d\d\d_\d\d_\d\d\.txt', file)
+ if (re.fullmatch(MINUTES_RE, file)
and os.path.isfile(os.path.join(path, file))):
yield file
@@ -73,6 +75,9 @@ def main():
elif len(parts) == 2:
year = parts[0]
basename = parts[1]
+ if not re.fullmatch(MINUTES_RE, basename):
+ print("Invalid request")
+ return
source = os.path.join(MINUTES_TXT, year, basename)
if not os.path.exists(source):
print(f"No such file as {source}")
