diff options
author | Michael R Sweet <michaelrsweet@gmail.com> | 2017-11-01 12:27:58 -0400 |
---|---|---|
committer | Michael R Sweet <michaelrsweet@gmail.com> | 2017-11-01 12:27:58 -0400 |
commit | f1547f121cd10de60d57248a9de6df3982f451c4 (patch) | |
tree | 1d05c4299108dba8fa35f28aa8d58d3f9901913c /cgi-bin | |
parent | d0df9cd33768b02cf5327c9d625568d21ced0297 (diff) | |
download | cups-f1547f121cd10de60d57248a9de6df3982f451c4.tar.gz |
No longer support backslash, question mark, or quotes in printer names (Issue #4966)
Diffstat (limited to 'cgi-bin')
-rw-r--r-- | cgi-bin/admin.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c index cfdf3ff01..179a8d68e 100644 --- a/cgi-bin/admin.c +++ b/cgi-bin/admin.c @@ -695,16 +695,13 @@ do_am_printer(http_t *http, /* I - HTTP connection */ if ((name = cgiGetVariable("PRINTER_NAME")) != NULL) { for (ptr = name; *ptr; ptr ++) - if ((*ptr >= 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#') + if ((*ptr >= 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '\\' || *ptr == '?' || *ptr == '\'' || *ptr == '\"' || *ptr == '#') break; if (*ptr || ptr == name || strlen(name) > 127) { cgiSetVariable("ERROR", - cgiText(_("The printer name may only contain up to " - "127 printable characters and may not " - "contain spaces, slashes (/), or the " - "pound sign (#)."))); + cgiText(_("The printer name may only contain up to 127 printable characters and may not contain spaces, slashes (/ \\), quotes (' \"), question mark (?), or the pound sign (#)."))); cgiStartHTML(title); cgiCopyTemplateLang("error.tmpl"); cgiEndHTML(); |