User: dww Branch: DRUPAL-4-7--2 Date: Thu, 09 Nov 2006 09:56:47 +0000 Modified files: /modules/cvslog cvs.module /modules/project/release package-release-nodes.php project_release.module Log message: #92634: securing packaging script and other potential exploits by more rigorous validation of "cvs directory" and version format string: they can now only be alphanumeric with a few safe punctuation (e.g. "_-"). patch by dww from comment 3, with input from Heine, review by Kjartan. Links: http://cvs.drupal.org/diff.php?path=contributions/modules/cvslog/cvs.module&... http://cvs.drupal.org/diff.php?path=contributions/modules/project/release/pa... http://cvs.drupal.org/diff.php?path=contributions/modules/project/release/pr...