X-Git-Url: http://gb7djk.dxcluster.net/gitweb/gitweb.cgi?a=blobdiff_plain;f=perl%2FDXCommandmode.pm;h=9b3a371b092a8e9cd651025153e26ca9c642a71d;hb=b9e57057d60a952bd43acdbeb2420ad7964b96f8;hp=46d2b1d38bd4d450f0f95b0fbda2e7b37281f274;hpb=42e13afbe924d02919cef432ab0cee537ed1e20d;p=spider.git
diff --git a/perl/DXCommandmode.pm b/perl/DXCommandmode.pm
index 46d2b1d3..9b3a371b 100644
--- a/perl/DXCommandmode.pm
+++ b/perl/DXCommandmode.pm
@@ -50,6 +50,7 @@ use DXCIDR;
 use strict;
 use vars qw(%Cache %cmd_cache $errstr %aliases $scriptbase %nothereslug $maxbadcount $msgpolltime $default_pagelth $cmdimportdir $users $maxusers
+ $maxcmdlth
 );
 %Cache = (); # cache of dynamically loaded routine's mod times
@@ -64,6 +65,8 @@ $cmdimportdir = "$main::root/cmd_import"; # the base directory for importing com
 $users = 0; # no of users on this node currently
 $maxusers = 0; # max no users on this node for this run
+$maxcmdlth = 512; # max length of incoming cmd line (including the command and any arguments
+
 #
 # obtain a new connection this is derived from dxchannel
 #
@@ -534,15 +537,15 @@ sub run_cmd
 if ($cmd) {
- # check cmd
- if ($cmd =~ m|^/| || $cmd =~ m|[^-?\w/]|) {
+ # strip out // on command only
+ $cmd =~ s|//+|/|g;
+
+ # check for length of whole command line and any invalid characters
+ if (length $cmdline > $maxcmdlth || $cmd =~ m|\.| || $cmd !~ m|^\w+(?:/\w+){0,1}$|) {
 LogDbg('DXCommand', "cmd: $self->{call} - invalid characters in '$cmd'");
- return $self->_error_out('e1');
+ return $self->_error_out('e40');
 }
- # strip out // on command only
- $cmd =~ s|//|/|g;
-
 my ($path, $fcmd);
 dbg("cmd: $cmd") if isdbg('command');
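Review bot: The allow-list pattern in the new `if` of the run_cmd hunk is anchored with `^` and `$`, and in Perl `$` also matches before a trailing newline, while `\w` accepts non-ASCII word characters on a character-decoded string. If this check is what keeps `$cmd` safe to use as a command path (the lookup itself is outside the hunk), anchor it strictly with `$cmd !~ m|\A\w+(?:/\w+)?\z|a` (the `/a` flag needs Perl 5.14 or later). The separate `m|\.|` test then becomes redundant, since neither `\w` nor `/` can match a dot. The LogDbg line still reports "invalid characters" when the rejection came from `length $cmdline > $maxcmdlth`, so an over-length line cannot be told apart from a bad command name in the log; a distinct message for the length case would help triage. run_cmd starts and ends outside the hunk, so how `$cmd` is split from `$cmdline` is not visible here.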