From e2d7f5abbe7dd7dceabf08451c78261e88dce69f Mon Sep 17 00:00:00 2001
From: Neale Pickett
Date: Wed, 3 Jun 2015 15:42:03 -0600
Subject: [PATCH] Fix up tokens.cgi, thanks Pat Avery
---
 www/cgi-bin/token.cgi | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/www/cgi-bin/token.cgi b/www/cgi-bin/token.cgi
index 8d8ea39..57e80dd 100755
--- a/www/cgi-bin/token.cgi
+++ b/www/cgi-bin/token.cgi
@@ -8,9 +8,6 @@ local koth = require "koth"
 local team = cgi.fields['t'] or ""
 local token = cgi.fields['k'] or ""
 
--- Defang category name; prevent directory traversal
-category = category:gsub("[^A-Za-z0-9]", "-")
-
 -- Check answer
 local needle = token
 local haystack = koth.path("tokens.txt")
@@ -20,12 +17,15 @@ if (not found) then
 koth.page("Unrecognized token", err)
 end
 
-local category, points = token.match("^(.*):(.*):")
-if ((category == nil) || (points == nil)) then
+local category, points = token:match("^(.*):(.*):")
+if ((category == nil) or (points == nil)) then
 koth.page("Unrecognized token", "Something doesn't look right about that token")
 end
 points = tonumber(points)
 
+-- Defang category name; prevent directory traversal
+category = category:gsub("[^A-Za-z0-9]", "-")
+
 local ok, err = koth.award_points(team, category, points, token)
 if (not ok) then
 koth.page("Error awarding points",
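Review bot: In the second hunk `points = tonumber(points)` runs after the `nil` test, so a token whose second field is not a number passes that test and reaches `koth.award_points` with `points == nil`. A guard directly after the conversion would close this: `if (points == nil) then koth.page("Unrecognized token", "Something doesn't look right about that token") end`. The same call receives `team` straight from `cgi.fields['t']` (visible in the first hunk) while only `category` is defanged; whether `koth.award_points` validates `team` is not visible here, so either apply the same `gsub` to it or add a comment naming where it is checked. The token has presumably already matched an entry in tokens.txt by this point, which would make both checks defence in depth rather than the only barrier.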