On Sun, 5 Dec 2004, Stas Bekman wrote:
Randy Kobes wrote:
If apxs is installed on Win32, it is usually specified as a .bat file. In querying apxs in apxs() of Apache::TestConfig, however, Win32 needs both the path to cmd.exe (for running a .bat command) and to Perl (in order to run apxs.bat) in order to get something from $val = qx($apxs -q $q 2>$devnull); This diff:
If it's only win32 case then +1 but if other platforms may have the same problem, may be it's better to blindly launder $ENV{PATH} like we do in a few other places (in which case there will be no need for this change, as the right paths will be there already, correct?)
That's right - what about the following, copied from the open_cmd sub of Apache::Build (for Win32, this needs to use the ';' as the directory separator within $ENV{PATH}, rather than ':'. ============================================================== Index: lib/Apache/TestConfig.pm =================================================================== --- lib/Apache/TestConfig.pm (revision 110064) +++ lib/Apache/TestConfig.pm (working copy) @@ -1043,7 +1043,8 @@ # Temporarily untaint PATH (local $ENV{PATH}) = ( $ENV{PATH} =~ /(.*)/ ); # -T disallows relative directories in the PATH - $ENV{PATH} = join ':', grep !/^\./, split /:/, $ENV{PATH}; + my $sep = WIN32 ? ';' : ':'; + $ENV{PATH} = join $sep, grep !/^\./, split /$sep/, $ENV{PATH};
# launder for -T $cmd = $1 if $cmd =~ /(.*)/; @@ -1657,7 +1658,12 @@ return unless $self->{APXS}; my $val; unless (exists $self->{_apxs}{$q}) { - local @ENV{ qw(PATH IFS CDPATH ENV BASH_ENV) }; + local @ENV{ qw(IFS CDPATH ENV BASH_ENV) }; + # Temporarily untaint PATH + (local $ENV{PATH}) = ( $ENV{PATH} =~ /(.*)/ ); + # -T disallows relative directories in the PATH + my $sep = WIN32 ? ';' : ':'; + $ENV{PATH} = join $sep, grep !/^\./, split /$sep/, $ENV{PATH}; my $devnull = devnull(); my $apxs = shell_ready($self->{APXS}); $val = qx($apxs -q $q 2>$devnull);
As soon as you see dup like this, think refactoring :) e.g. add untaint_path(), that does the work and call it:
local $ENV{PATH}) = untaint_path($ENV{PATH});Otherwise +1.
And of course this wrapper should probably used in open_cmd too!
Also is there some File::Spec thingy that defines record separator in paths?
-- __________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
