Posted to test-dev@perl.apache.org by Stas Bekman <st...@stason.org> on 2005/12/24 07:29:28 UTC
Re: svn commit: r358859 - in /perl/Apache-Test/trunk: Changes lib/Apache/TestConfig.pm
stas@apache.org wrote:
> Author: stas
> Date: Fri Dec 23 11:51:41 2005
> New Revision: 358859
>
> URL: http://svn.apache.org/viewcvs?rev=358859&view=rev
> Log:
> Adjust Apache::TestConfig::untaint_path() to handle relative paths
> that don't start with /.
Randy, it has just dawned on me that this change may have a problem on
win32. Should it be !m#^(?:[^/\\]|$)#? but then it won't catch C:\\.
What's the cleanest regex here?
As a reminder, it needs to remove the following 4 cases:
::
:./foo/bar:
:../foo/bar:
:foo/bar:
Please commit whatever seems to work for you. Thank you!
> Modified: perl/Apache-Test/trunk/lib/Apache/TestConfig.pm
> URL: http://svn.apache.org/viewcvs/perl/Apache-Test/trunk/lib/Apache/TestConfig.pm?rev=358859&r1=358858&r2=358859&view=diff
> ==============================================================================
> --- perl/Apache-Test/trunk/lib/Apache/TestConfig.pm (original)
> +++ perl/Apache-Test/trunk/lib/Apache/TestConfig.pm Fri Dec 23 11:51:41 2005
> @@ -1751,7 +1751,7 @@
> # win32 uses ';' for a path separator, assume others use ':'
> my $sep = WIN32 ? ';' : ':';
> # -T disallows relative and empty directories in the PATH
> - return join $sep, grep !/^(\.|$)/, split /$sep/, $path;
> + return join $sep, grep !m#^(?:[^/]|$)#, split /$sep/, $path;
> }
>
> sub pop_dir {
>
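Review bot: on the + line, !m#^(?:[^/]|$)# keeps only entries whose first character is /, yet two lines above $sep is ';' under WIN32, where absolute entries normally begin with a drive letter or a backslash, so on that platform every entry would be filtered out and an empty PATH returned. Consider a platform-aware absoluteness check such as File::Spec->file_name_is_absolute instead of matching on the leading character. Separately, split /$sep/ interpolates $sep as a pattern; that is harmless for ';' and ':' but is safer written as /\Q$sep\E/.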
--
_____________________________________________________________
Stas Bekman mailto:stas@stason.org http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/
Re: svn commit: r358859 - in /perl/Apache-Test/trunk: Changes lib/Apache/TestConfig.pm
Posted by Stas Bekman <st...@stason.org>.
Stas Bekman wrote:
> stas@apache.org wrote:
>
>> Author: stas
>> Date: Fri Dec 23 11:51:41 2005
>> New Revision: 358859
>>
>> URL: http://svn.apache.org/viewcvs?rev=358859&view=rev
>> Log:
>> Adjust Apache::TestConfig::untaint_path() to handle relative paths
>> that don't start with /.
>
>
> Randy, it has just dawned on me that this change may have a problem on
> win32. Should it be !m#^(?:[^/\\]|$)#? but then it won't catch C:\\.
> What's the cleanest regex here?
>
> As a reminder, it needs to remove the following 4 cases:
>
> ::
> :./foo/bar:
> :../foo/bar:
> :foo/bar:
>
> Please commit whatever seems to work for you. Thank you!
Actually, I think using File::Spec->file_name_is_absolute does the trick.
I've committed the following:
- return join $sep, grep !m#^(?:[^/]|$)#, split /$sep/, $path;
+ return join $sep, grep File::Spec->file_name_is_absolute($_),
+ grep length($_), split /$sep/, $path;
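Review bot: the + lines call File::Spec->file_name_is_absolute, but nothing in this change shows File::Spec being loaded in TestConfig.pm; confirm the module already has a use File::Spec, as the test script that follows does. That script's __DATA__ rows are all ':'-separated Unix-style entries, so the win32 case that prompted the change (';' separator, drive-letter entries) is still unexercised; add such rows before relying on it.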
Tested with:
use File::Spec;
use constant WIN32 => $^O eq 'MSWin32';

for my $path (<DATA>) {
    chomp $path;
    my $new = untaint_path($path);
    print "$path\n$new\n\n";
}

sub untaint_path {
    my $path = shift;
    ($path) = ( $path =~ /(.*)/ );
    # win32 uses ';' for a path separator, assume others use ':'
    my $sep = WIN32 ? ';' : ':';
    # -T disallows relative and empty directories in the PATH
    return join $sep, grep File::Spec->file_name_is_absolute($_),
        grep length($_), split /$sep/, $path;
}
__DATA__
::
:./foo/bar:
:../foo/bar:
:foo/bar:
:/foo/bar:
--
_____________________________________________________________
Stas Bekman mailto:stas@stason.org http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/
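
Added example, not part of the original thread or of Apache-Test: a side-by-side run of the r358859 regex filter and the File::Spec-based filter on Unix-style and win32-style PATH strings, answering the win32 question raised above from any platform. The helper names filter_path and filter_path_regex, the explicit separator and File::Spec class arguments, and the sample PATH values are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec::Unix;
use File::Spec::Win32;

# Hypothetical helper: the same filter as the committed version, but with the
# separator and the File::Spec flavour passed in, so both platforms can be
# exercised from one machine.
sub filter_path {
    my ($path, $sep, $spec) = @_;
    return join $sep,
        grep { $spec->file_name_is_absolute($_) }   # drop relative entries
        grep { length }                             # drop empty entries
        split /\Q$sep\E/, $path;
}

# The r358859 regex filter, kept as-is for comparison: it only accepts
# entries whose first character is '/'.
sub filter_path_regex {
    my ($path, $sep) = @_;
    return join $sep, grep { !m#^(?:[^/]|$)# } split /\Q$sep\E/, $path;
}

# Constructed sample PATH values (not taken from the thread).
my @cases = (
    [ 'unix',  ':', 'File::Spec::Unix',
      ':./foo/bar:../foo/bar:foo/bar:/usr/bin::/bin' ],
    [ 'win32', ';', 'File::Spec::Win32',
      ';.\\foo;foo\\bar;C:\\Perl\\bin;C:/Windows;..\\x' ],
);

for my $case (@cases) {
    my ($name, $sep, $spec, $path) = @$case;
    printf "%-5s input : %s\n",   $name, $path;
    printf "%-5s regex : %s\n",   $name, filter_path_regex($path, $sep);
    printf "%-5s fspec : %s\n\n", $name, filter_path($path, $sep, $spec);
}
```

On the win32 row the regex filter returns an empty string because every drive-letter entry fails the leading-slash test, while the File::Spec::Win32 check keeps the two absolute directories and still drops the relative and empty ones.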