Diffstat (limited to 'web/html2x.pl')
-rwxr-xr-x | web/html2x.pl | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/web/html2x.pl b/web/html2x.pl
index a034f0e58..43218682d 100755
--- a/web/html2x.pl
+++ b/web/html2x.pl
@@ -19,14 +19,16 @@ if ($format =~ /^markdown\+$/) {
 }
 # Validate URL and format
-unless ($url =~ /^(https?:\/\/)?[\w#?_-]+(\.[\w#?_-]+)+[\w\/#?_.-]*$/) {
+unless ($url =~ /^(https?:\/\/)?[\w#_-]+(\.[\w#_-]+)+[\w\/#=?_.-]*$/) {
   die "Illegal URL: $url\n" ;
 }
 unless ($format =~ /^markdown\+?|rst|latex|context|rtf|man|docbook$/) {
   die "Illegal format: $format\n";
 }
-my $output = `wget -O- $url | tidy -asxhtml -utf8 | pandoc -w $format $options`;
+# Note - pass through head to truncate file to 100K if greater.
+# This should prevent certain kinds of DoS attacks.
+my $output = `wget -O- $url | head -c100000 | tidy -asxhtml -utf8 | pandoc -w $format $options`;
 if ($output =~ /^\s*$/) {
   print start_html, h1("No output"), |