tighten up regexps for context and peer
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Sat, 2 Oct 2010 21:38:27 +0000 (17:38 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Sat, 2 Oct 2010 21:38:27 +0000 (17:38 -0400)
msva-perl

index 46477215249cdd51b1005b4dd0d770858d7ff3f3..a0ebe58b1a28985e26f17594959471a4ad6ed685 100755 (executable)
--- a/msva-perl
+++ b/msva-perl
@@ -23,6 +23,7 @@ use strict;
 
   use parent qw(HTTP::Server::Simple::CGI);
   require Crypt::X509;
+  use Regexp::Common qw /net/;
   use Convert::ASN1;
   use MIME::Base64;
   use IO::Socket;
@@ -326,17 +327,13 @@ use strict;
 
   sub getuid {
     my $data = shift;
-    if ($data->{context} =~ /(https|ssh)/) {
+    if ($data->{context} =~ /^(https|ssh)$/) {
       $data->{context} = $1;
-    } else {
-      return [];
-    }
-    if ($data->{peer} =~ /(^[^\s]*$)/) {
-      $data->{peer} = $1;
-    } else {
-      return [];
+      if ($data->{peer} =~ /^($RE{net}{domain})$/) {
+        $data->{peer} = $1;
+        return $data->{context}.'://'.$data->{peer};
+      }
     }
-    return $data->{context}.'://'.$data->{peer};
   }
 
   sub reviewcert {