Verify validity of session name when received from outside

Only ASCII letters and digits are allowed.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-09-15 22:26:56 -0400
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-09-16 09:58:37 -0500
commit: 4b549144d82ea0f368321d149215f577049fffa6 (patch)
tree: ee916708f2758a03690c6c0770cc238aa8757e91 /src/shared/replace-var.c
parent: 1244d8d640a2644aa8dc8e588cd9c414b3d39163 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/shared/replace-var.c b/src/shared/replace-var.c
index e11c57a43d..478fc43a38 100644
--- a/src/shared/replace-var.c
+++ b/src/shared/replace-var.c
@@ -24,6 +24,7 @@
 #include "macro.h"
 #include "util.h"
 #include "replace-var.h"
+#include "def.h"
 
 /*
  * Generic infrastructure for replacing @FOO@ style variables in
@@ -40,7 +41,7 @@ static int get_variable(const char *b, char **r) {
         if (*b != '@')
                 return 0;
 
-        k = strspn(b + 1, "ABCDEFGHIJKLMNOPQRSTUVWXYZ_");
+        k = strspn(b + 1, UPPERCASE_LETTERS "_");
         if (k <= 0 || b[k+1] != '@')
                 return 0;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2013-09-15 22:26:56 -0400
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2013-09-16 09:58:37 -0500
commit	4b549144d82ea0f368321d149215f577049fffa6 (patch)
tree	ee916708f2758a03690c6c0770cc238aa8757e91 /src/shared/replace-var.c
parent	1244d8d640a2644aa8dc8e588cd9c414b3d39163 (diff)