Be exceedingly less strict on the question format.

This may ultimately be a security problem; I wanted to filter the
question for only characters that are valid in bean-query, and at
some point, the right move is to look up what characters in the
bean-query parser that are allowed.  However, I kept running into
problems of finding new characters and this was an easier hack.
This commit is contained in:
Bradley M. Kuhn 2020-09-23 16:45:01 -07:00
parent 72559aa8d6
commit c4e5664bb5
No known key found for this signature in database
GPG key ID: F15E8BD6D05E26B3

View file

@ -184,7 +184,8 @@ while (1) {
print STDERR "sleep for 2 seconds\n" if $VERBOSE > 5; print STDERR "sleep for 2 seconds\n" if $VERBOSE > 5;
sleep 2; sleep 2;
next; next;
} elsif ($query{question} !~ /^[\,\=\~\-\@\w.\s\"\'\_\(\)\<\>\*\.\!]+$/) { # } elsif ($query{question} !~ /^[\,\=\~\-\@\w.\s\"\'\_\(\)\<\>\*\.\!\^\:\$\|]+$/) {
} elsif ($query{question} !~ /^[\s\S]+$/) {
print STDERR "Query string $query{question} looks suspicious, not running beancount query!\n"; print STDERR "Query string $query{question} looks suspicious, not running beancount query!\n";
(tied %query)->shlock; (tied %query)->shlock;
$query{fifoName} = mktemp("REJECTED_beancount-query-fifo-this-file-does-not-exist_${$}_XXXXXXXXX"); $query{fifoName} = mktemp("REJECTED_beancount-query-fifo-this-file-does-not-exist_${$}_XXXXXXXXX");