diff --git a/tools/package-puzzles.py b/tools/package-puzzles.py
index 35b2b3a..ced068c 100755
--- a/tools/package-puzzles.py
+++ b/tools/package-puzzles.py
@@ -83,12 +83,13 @@ def generate_html(ziphandle, puzzle, puzzledir, category, points, authors, files
 '''.format(
- category=category,
- points=points,
- body=puzzle.html_body(),
- file_content=file_content.getvalue(),
- authors=', '.join(authors)),
- scripts='\n'.join(scripts),
+ category=category,
+ points=points,
+ body=puzzle.html_body(),
+ file_content=file_content.getvalue(),
+ authors=', '.join(authors),
+ scripts='\n'.join(scripts),
+ )
 )
 ziphandle.writestr(os.path.join(puzzledir, 'index.html'), html_content.getvalue())
diff --git a/www/cgi-bin/puzzler.cgi b/www/cgi-bin/puzzler.cgi
index 655a242..3b51c70 100755
--- a/www/cgi-bin/puzzler.cgi
+++ b/www/cgi-bin/puzzler.cgi
@@ -11,7 +11,7 @@ local points = cgi.fields['p'] or ""
 local answer = cgi.fields['a'] or ""
 -- Defang category name; prevent directory traversal
-category = category:gsub("[^A-Za-z0-9]", "-")
+category = category:gsub("[^A-Za-z0-9_]", "-")
 -- Check answer
 local needle = points .. " " .. answer
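Review bot: In tools/package-puzzles.py, `category` and `', '.join(authors)` are passed to the `.format(` call as raw strings, with no HTML escaping visible in the hunk. The template they are substituted into lies above the hunk, so how they land in `index.html` is inferred rather than seen. If these values come from puzzle metadata that may contain `<`, `&` or quotes, escape them at the call: `category=html.escape(category),` and `authors=html.escape(', '.join(authors)),` (this needs `import html` at the top of the file). `body` and `scripts` look like intended markup and would stay unescaped. generate_html starts and ends outside the hunk.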
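Review bot: In www/cgi-bin/puzzler.cgi, the defang applied to `category` has no counterpart for `points` and `answer`, which go from `cgi.fields` straight into `needle`. How `needle` is compared is below the hunk; if it is handed to `string.find` or `string.match` as a pattern, characters such as `%`, `.` or `[` in the submitted answer are treated as Lua pattern magic, so a plain search (`find(needle, 1, true)`) or an exact string comparison is the safer form. The comment above the `gsub` could also state the allowed alphabet now that it has changed, e.g. `-- Defang category name: keep only [A-Za-z0-9_] so no "/" or "." can reach the path`.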