X-Git-Url: http://git.rot13.org/?p=BackupPC.git;a=blobdiff_plain;f=bin%2FBackupPC_tarCreate;h=f704255449006fb89a9a46f831737b7fadeed836;hp=97b9878eb690675917885c97be38a26878525b86;hb=617af75f7419e95a9c3ea05b05cf21957acc331c;hpb=cfeb65d0e5ef33ef54cf0e5aaa7b3790bf80bff3

diff --git a/bin/BackupPC_tarCreate b/bin/BackupPC_tarCreate
index 97b9878..f704255 100755
--- a/bin/BackupPC_tarCreate
+++ b/bin/BackupPC_tarCreate
@@ -96,7 +96,8 @@ EOF
     exit(1);
 }
 
-if ( $opts{h} !~ /^([\w\.\s-]+)$/ ) {
+if ( $opts{h} !~ /^([\w\.\s-]+)$/
+        || $opts{h} =~ m{(^|/)\.\.(/|$)} ) {
     print(STDERR "$0: bad host name '$opts{h}'\n");
     exit(1);
 }
@@ -130,7 +131,8 @@ $Charset = $opts{e} if ( $opts{e} ne "" );
 
 my $PathRemove = $1 if ( $opts{r} =~ /(.+)/ );
 my $PathAdd    = $1 if ( $opts{p} =~ /(.+)/ );
-if ( $opts{s} !~ /^([\w\s.\/$(){}[\]-]+)$/ && $opts{s} ne "*" ) {
+if ( ($opts{s} !~ /^([\w\s.@\/$(){}[\]-]+)$/
+        || $opts{s} =~ m{(^|/)\.\.(/|$)}) && $opts{s} ne "*" ) {
     print(STDERR "$0: bad share name '$opts{s}'\n");
     exit(1);
 }