Posted to modperl-cvs@perl.apache.org by do...@hyperreal.org on 1998/07/12 21:54:18 UTC
cvs commit: modperl/src/modules/perl Apache.xs mod_perl.c mod_perl.h perl_util.c
dougm 98/07/12 12:54:18
Modified: . Changes ToDo
src/modules/perl Apache.xs mod_perl.c mod_perl.h perl_util.c
Log:
ensure Apache::Server::CWD is untainted
Revision Changes Path
1.66 +2 -0 modperl/Changes
Index: Changes
===================================================================
RCS file: /export/home/cvs/modperl/Changes,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- Changes 1998/07/12 19:27:42 1.65
+++ Changes 1998/07/12 19:54:13 1.66
@@ -8,6 +8,8 @@
=item 1.12_01-dev
+ensure Apache::Server::CWD is untainted
+
add support to compile with -DPERL_OBJECT (win32 + 5.004_72+)
add dir_merge support for directive handlers
1.39 +0 -2 modperl/ToDo
Index: ToDo
===================================================================
RCS file: /export/home/cvs/modperl/ToDo,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- ToDo 1998/07/12 19:27:42 1.38
+++ ToDo 1998/07/12 19:54:13 1.39
@@ -16,8 +16,6 @@
(well, close to it anyhow)
---------------------------------------------------------------------------
-- mod_perl_untaint($Apache::Server::CWD)
-
- compat.h problem
- mod_perl.pm + CPAN indexer
1.39 +2 -7 modperl/src/modules/perl/Apache.xs
Index: Apache.xs
===================================================================
RCS file: /export/home/cvs/modperl/src/modules/perl/Apache.xs,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- Apache.xs 1998/07/08 18:05:38 1.38
+++ Apache.xs 1998/07/12 19:54:14 1.39
@@ -460,13 +460,8 @@
CODE:
if(!tainting) XSRETURN_EMPTY;
- for(i=1; i<items; i++) {
- if (SvTYPE(ST(i)) >= SVt_PVMG && SvMAGIC(ST(i))) {
- MAGIC *mg = mg_find(ST(i), 't');
- if (mg)
- mg->mg_len &= ~1;
- }
- }
+ for(i=1; i<items; i++)
+ mod_perl_untaint(ST(i));
void
taint(...)
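Review bot: The replacement loop at `for(i=1; i<items; i++)` drops the braces the removed loop had, leaving `mod_perl_untaint(ST(i));` as an unbraced body. Writing it as `for(i=1; i<items; i++) { mod_perl_untaint(ST(i)); }` keeps a statement added later from silently landing outside the loop. The `if(!tainting) XSRETURN_EMPTY;` test above it is now repeated inside `mod_perl_untaint()`; that is harmless, and the early return is presumably still wanted for its empty XS return. The XS function's header lies above the hunk, so the reason the loop starts at index 1 is not visible here.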
1.29 +1 -0 modperl/src/modules/perl/mod_perl.c
Index: mod_perl.c
===================================================================
RCS file: /export/home/cvs/modperl/src/modules/perl/mod_perl.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- mod_perl.c 1998/07/12 19:27:44 1.28
+++ mod_perl.c 1998/07/12 19:54:16 1.29
@@ -354,6 +354,7 @@
GV *gv = gv_fetchpv(name, GV_ADDMULTI, SVt_PV);
SV *cwd = perl_eval_pv("require Cwd; Cwd::fastcwd()", TRUE);
sv_setsv(GvSV(gv), cwd);
+ mod_perl_untaint(GvSV(gv));
}
#ifdef PERL_TIE_SCRIPTNAME
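Review bot: The added `mod_perl_untaint(GvSV(gv));` marks the result of `Cwd::fastcwd()` as trusted without saying why that is safe, and nothing in the hunk inspects the value first. Untainting removes the protection taint mode would give to later uses of `$Apache::Server::CWD`, for example when it is joined into file paths, so the justification belongs in the code. A comment such as `/* cwd is the server's own startup directory, not request data, so it is safe to untaint */` would do, if that is indeed the reasoning. The enclosing block begins above the hunk, so how `name` is set cannot be checked from here.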
1.32 +1 -0 modperl/src/modules/perl/mod_perl.h
Index: mod_perl.h
===================================================================
RCS file: /export/home/cvs/modperl/src/modules/perl/mod_perl.h,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- mod_perl.h 1998/07/12 19:27:44 1.31
+++ mod_perl.h 1998/07/12 19:54:16 1.32
@@ -934,6 +934,7 @@
SV *array_header2avrv(array_header *arr);
array_header *avrv2array_header(SV *avrv, pool *p);
table *hvrv2table(SV *rv);
+void mod_perl_untaint(SV *sv);
SV *mod_perl_gensym (char *pack);
SV *mod_perl_tie_table(table *t);
SV *perl_hvrv_magic_obj(SV *rv);
1.15 +10 -0 modperl/src/modules/perl/perl_util.c
Index: perl_util.c
===================================================================
RCS file: /export/home/cvs/modperl/src/modules/perl/perl_util.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- perl_util.c 1998/06/17 17:07:17 1.14
+++ perl_util.c 1998/07/12 19:54:17 1.15
@@ -103,6 +103,16 @@
return (table *)SvIV((SV*)SvRV(rv));
}
+void mod_perl_untaint(SV *sv)
+{
+ if(!tainting) return;
+ if (SvTYPE(sv) >= SVt_PVMG && SvMAGIC(sv)) {
+ MAGIC *mg = mg_find(sv, 't');
+ if (mg)
+ mg->mg_len &= ~1;
+ }
+}
+
/* same as Symbol::gensym() */
SV *mod_perl_gensym (char *pack)
{
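Review bot: The new `mod_perl_untaint()` carries no comment, although it is a trust-boundary helper that clears the taint bit on `sv` without checking the value in any way. A header such as `/* clear Perl's taint flag on sv; performs no validation, so pass only values whose origin is trusted */` would state that contract in the same style as the `/* same as Symbol::gensym() */` comment just below. The line `mg->mg_len &= ~1` depends on how Perl stores taint magic internally and deserves a short why-comment; if every supported Perl version provides `SvTAINTED_off(sv)`, that would be the less fragile spelling, though this cannot be confirmed from the hunk. The function also dereferences `sv` without a NULL guard, which looks fine for the two callers in this commit but should be stated as a precondition.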