X-Git-Url: http://git.rot13.org/?p=BackupPC.git;a=blobdiff_plain;f=bin%2FBackupPC_zipCreate;h=8e0b483b0ef0fe88fe39f7ae4cb4acd62754400e;hp=51683fb9952afa637650e69c7fd02f0f9df73239;hb=617af75f7419e95a9c3ea05b05cf21957acc331c;hpb=5b3e6091d542c2e7445d5dd511cdf6e20aec8b8d

diff --git a/bin/BackupPC_zipCreate b/bin/BackupPC_zipCreate
index 51683fb..8e0b483 100755
--- a/bin/BackupPC_zipCreate
+++ b/bin/BackupPC_zipCreate
@@ -100,7 +100,8 @@ EOF
     exit(1);
 }
 
-if ( $opts{h} !~ /^([\w\.\s-]+)$/ ) {
+if ( $opts{h} !~ /^([\w\.\s-]+)$/
+        || $opts{h} =~ m{(^|/)\.\.(/|$)} ) {
     print(STDERR "$0: bad host name '$opts{h}'\n");
     exit(1);
 }
@@ -141,7 +142,8 @@ $Charset = $opts{e} if ( $opts{e} ne "" );
 
 my $PathRemove = $1 if ( $opts{r} =~ /(.+)/ );
 my $PathAdd    = $1 if ( $opts{p} =~ /(.+)/ );
-if ( $opts{s} !~ /^([\w\s.\/$(){}[\]-]+)$/ ) {
+if ( $opts{s} !~ /^([\w\s.@\/$(){}[\]-]+)$/
+        || $opts{s} =~ m{(^|/)\.\.(/|$)} ) {
     print(STDERR "$0: bad share name '$opts{s}'\n");
     exit(1);
 }
@@ -170,6 +172,7 @@ sub archiveWrite
 	$ErrorCnt++;
         return;
     }
+    $dir = "/" if ( $dir eq "." );
     $view->find($Num, $ShareName, $dir, 0, \&ZipWriteFile,
                 $zipfh, $zipPathOverride);
 }