Author: stas
Date: Sat Dec 4 10:20:01 2004
New Revision: 109817

URL: http://svn.apache.org/viewcvs?view=rev&rev=109817

Log:
fix the tainting of @INC (by untainting top_dir variable)

Modified: httpd/test/trunk/perl-framework/Apache-Test/Changes httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm Modified: httpd/test/trunk/perl-framework/Apache-Test/Changes Url: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/Apache-Test/Changes?view=diff&rev=109817&p1=httpd/test/trunk/perl-framework/Apache-Test/Changes&r1=109816&p2=httpd/test/trunk/perl-framework/Apache-Test/Changes&r2=109817 ============================================================================== --- httpd/test/trunk/perl-framework/Apache-Test/Changes (original) +++ httpd/test/trunk/perl-framework/Apache-Test/Changes Sat Dec 4 10:20:01 2004 @@ -8,7 +8,9 @@ =item 1.17-dev -fix Apache::TestConfig::open_cmd to run properly under -T [Stas] +resolve -T taint issues: [Stas] +- untaint $cmd in Apache::TestConfig::open_cmd +- fix the tainting of @INC (by untaintinig top_dir variable) require Cwd 2.06 or higher (to solve File::Spec::rel2abs problems under -T). Enforce the modules version requirements for those who Modified: httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm Url: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm?view=diff&rev=109817&p1=httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm&r1=109816&p2=httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm&r2=109817 ============================================================================== --- httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm (original) +++ httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm Sat Dec 4 10:20:01 2004 @@ -264,6 +264,9 @@ $vars->{top_dir} ||= fastcwd; $vars->{top_dir} = pop_dir($vars->{top_dir}, 't'); + # untaint as we are going to use it a lot later on in -T sensitive + # operations (.e.g @INC) + $vars->{top_dir} = $1 if $vars->{top_dir} =~ /(.*)/; $self->add_inc; 
@@ -1043,7 +1046,7 @@ $ENV{PATH} = join ':', grep !/^\./, split /:/, $ENV{PATH}; # launder for -T - $cmd =~ /(.*)/; $cmd = $1; + $cmd = $1 if $cmd =~ /(.*)/; my $handle = Symbol::gensym(); open $handle, "$cmd|" or die "$cmd failed: $!";
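
Review bot: The second added bullet in the Changes hunk (@@ -8,7 +8,9, under 1.17-dev) misspells "untainting" as "untaintinig". Worth correcting in the changelog entry itself.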
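
Review bot: In the TestConfig.pm hunk at @@ -264,6 +264,9, the added line `$vars->{top_dir} = $1 if $vars->{top_dir} =~ /(.*)/;` clears the taint flag with a pattern that accepts any content, so nothing is actually validated before the value reaches @INC. Because of the `||=` on the first context line, top_dir can be a value supplied by the caller rather than the fastcwd result, which is exactly the case taint mode is meant to flag. Suggest matching against the shape a directory path is expected to have and dying when it does not match, or at minimum stating in the comment why the value is trusted at this point. Also note that `.` does not match a newline without /s, so a value containing one is silently cut at the first line instead of being rejected. Minor: ".e.g" in the new comment should read "e.g.".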
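
Review bot: In the open_cmd hunk at @@ -1043,7 +1046,7, the rewritten `$cmd = $1 if $cmd =~ /(.*)/;` still launders the whole command with a match-anything pattern, and the result goes directly into the piped `open $handle, "$cmd|"`, which executes it (through the shell when the string contains shell metacharacters). The conditional form is the safer idiom for using $1, but the taint check is bypassed rather than satisfied. Suggest either restricting the pattern to the characters a test command is expected to contain, or passing the command as a list to the three-argument pipe form (`open $handle, '-|', @cmd`) so no shell parsing is involved. The PATH cleanup on the context line above only drops entries that start with ".", so it does not compensate for an unvalidated $cmd.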