From e22d3269f7d450ba90e42073943fc16bcc81a568 Mon Sep 17 00:00:00 2001
From: in2 <in2@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>
Date: Sat, 6 Sep 2003 03:14:15 +0000
Subject: blog security fix

git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@1161 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
---
 mbbsd/announce.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'mbbsd')

diff --git a/mbbsd/announce.c b/mbbsd/announce.c
index c8f69baf..ac001d28 100644
--- a/mbbsd/announce.c
+++ b/mbbsd/announce.c
@@ -1133,8 +1133,16 @@ void BlogMain(int num)
 	    break;
 	case '4':{
 	    char    hash[35];
+	    int     i;
 	    getdata(16, 0, "請輸入該篇的雜湊值: ",
 		    hash, sizeof(hash), DOECHO);
+	    for( i = 0 ; hash[i] != 0 ; ++i ) /* 前面用 getdata() 保證有 \0 */
+		if( !islower(hash[i]) && !isnumber(hash[i]) )
+		    break;
+	    if( i != 32 ){
+		vmsg("輸入錯誤");
+		break;
+	    }
 	    if( hash[0] != 0 && 
 		getans("請確定刪除(Y/N)?[N] ") == 'y' ){
 		MYSQL   mysql;
-- 
cgit v1.2.3