Stas Bekman wrote:
[EMAIL PROTECTED] wrote:

Author: stas
Date: Fri Dec 23 11:51:41 2005
New Revision: 358859

URL: http://svn.apache.org/viewcvs?rev=358859&view=rev
Log:
Adjust Apache::TestConfig::untaint_path() to handle relative paths
that don't start with /.


Randy, it has just dawned on me that this change may have a problem on win32. Should it be !m#^(?:[^/\\]|$)#? but then it won't catch C:\\. What's the cleanest regex here?

To remind, it needs to remove the following 4 cases:

::
:./foo/bar:
:../foo/bar:
:foo/bar:

Please commit whatever seems to work for you. Thank you!

Actually, I think using File::Spec->file_name_is_absolute does the trick. I've committed the following:

-    return join $sep, grep !m#^(?:[^/]|$)#, split /$sep/, $path;
+    return join $sep, grep File::Spec->file_name_is_absolute($_),
+        grep length($_), split /$sep/, $path;
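
Review bot: the added "grep length($_)" stage on the last line looks redundant, since an empty entry should never be reported as absolute by File::Spec->file_name_is_absolute($_); either drop it or add a short comment saying it is kept on purpose. With the old regex gone, nothing in this statement says what is being filtered or why, so a one-line comment that relative and empty PATH entries are discarded for -T would help. The Win32 case that prompted the change (a ';'-separated PATH with drive-letter entries) also deserves test input of its own next to the ':'-separated cases.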


Tested with:

use File::Spec;
use constant WIN32   => $^O eq 'MSWin32';

for my $path (<DATA>) {
    chomp $path;
    my $new = untaint_path($path);
    print "$path\n$new\n\n";
}

sub untaint_path {
    my $path = shift;
    ($path) = ( $path =~ /(.*)/ );
    # win32 uses ';' for a path separator, assume others use ':'
    my $sep = WIN32 ? ';' : ':';
    # -T disallows relative and empty directories in the PATH
    return join $sep, grep File::Spec->file_name_is_absolute($_),
        grep length($_), split /$sep/, $path;
}

__DATA__
::
:./foo/bar:
:../foo/bar:
:foo/bar:
:/foo/bar:



--
_____________________________________________________________
Stas Bekman mailto:[EMAIL PROTECTED]  http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book       http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/
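
The filtering discussed in this thread, run against both Unix and Win32 path rules on any host, as an added example that is not part of the original message or of Apache::Test. The helper name filter_path_entries and the sample PATH strings are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec::Unix  ();
use File::Spec::Win32 ();

# Hypothetical helper (not Apache::TestConfig code): keep only absolute,
# non-empty PATH entries, judged by the rules of the given File::Spec
# class rather than by those of the host OS.
sub filter_path_entries {
    my ($spec, $sep, $path) = @_;
    return join $sep,
        grep { $spec->file_name_is_absolute($_) }
        grep { length }
        split /\Q$sep\E/, $path;
}

# Constructed sample PATH values: [ File::Spec class, separator, PATH ]
my @cases = (
    [ 'File::Spec::Unix',  ':', '::' ],
    [ 'File::Spec::Unix',  ':', ':./foo/bar:../foo/bar:foo/bar:/foo/bar:' ],
    [ 'File::Spec::Win32', ';', ';.\\foo;..\\foo;foo\\bar;C:foo;C:\\foo;C:/bar;' ],
);

for my $case (@cases) {
    my ($spec, $sep, $path) = @$case;
    my $kept = filter_path_entries($spec, $sep, $path);
    printf "%-18s in:  %s\n%-18s out: %s\n\n", $spec, $path, '', $kept;
}
```

Under the Win32 rules the drive-relative entry C:foo is dropped together with the other relative forms, while C:\foo and C:/bar are kept.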
