On Fri, Jul 05, 2002 at 02:58:30PM +0100, Andy Wardley wrote:
> * Fixed a potential race condition when using compiled templates
> by changing Template::Document::write_perl_file() to write
> to a temporary file and then rename it into place, thus preventing
> two separate processes attempting to write the same file at the
> same time.
rename is tainting.
--- lib/Template/Document.pm 2002-07-31 18:17:12.000000000 +0200
+++ /usr/local/lib/perl/5.6.1/Template/Document.pm 2002-07-31
18:17:23.000000000 +0200
@@ -283,7 +283,10 @@
close($fh);
};
return $class->error($@) if $@;
-
+
+ # untaint (blindly)
+ $file =~ /(.*)/; $file = $1;
+ $tmpfile =~ /(.*)/; $tmpfile = $1;
return rename($tmpfile, $file)
|| $class->error($!);
}
PS: I'm experiencing problems with the site and mailing list, am I the
only one ?
--
Yann Kerherv� http://apr-job.com APR-JOB
[EMAIL PROTECTED] TEL: +33 (1) 4652 6810 9, rue de Lens
PGP: 1C32A1B7 92000 Nanterre
_______________________________________________
templates mailing list
[EMAIL PROTECTED]
http://www.template-toolkit.org/mailman/listinfo/templates
