From 09af80b17e2653eb2d0decb6bd358e7a22139643 Mon Sep 17 00:00:00 2001 From: Darryl Quinn Date: Mon, 6 Apr 2015 14:47:09 -0500 Subject: [PATCH] check for .css file extension being passed --- files/www/cgi-bin/perlfunc.pm | 1 + files/www/cgi-bin/status | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/files/www/cgi-bin/perlfunc.pm b/files/www/cgi-bin/perlfunc.pm index 7599f4ce..b8e90521 100644 --- a/files/www/cgi-bin/perlfunc.pm +++ b/files/www/cgi-bin/perlfunc.pm @@ -61,6 +61,7 @@ sub html_header print "\n"; print "\n"; print "\n"; + # Prevent browser caching of the css file my $rnum=`date +%s`; chomp($rnum); print "\n"; diff --git a/files/www/cgi-bin/status b/files/www/cgi-bin/status index a8d148e1..82d41a68 100755 --- a/files/www/cgi-bin/status +++ b/files/www/cgi-bin/status @@ -49,11 +49,14 @@ $config = "not set" if $config eq "" or not -d "/etc/config.$config"; read_postdata(); # set up the style sheet -system "rm -rf /www/style.css" if -f "/www/style.css"; # cleanup any actual file named style.css -system "ln -s /www/aredn.css /www/style.css" unless -l "/www/style.css"; +mkdir "/tmp/web" unless -d "/tmp/web"; # make sure /tmp/web exists +# DO IN BUILD- unlink "/www/style.css" if -f "/www/style.css"; # cleanup any actual file named style.css in /www +# DO IN BUILD- symlink "/tmp/web/style.css","/www/style.css" unless -l "/www/style.css"; # fixed for web page +symlink "/www/aredn.css","/tmp/web/style.css" unless -l "/tmp/web/style.css"; # default to aredn.css -if($parms{css}) { - system "ln -fs /www/$parms{css} /www/style.css" if -f "/www/$parms{css}"; +if($parms{css} and -f "/www/$parms{css}" and $parms{css} =~ /\.css$/i) { + unlink "/tmp/web/style.css"; + symlink "/www/$parms{css}","/tmp/web/style.css"; } # generate the page