You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by he...@apache.org on 2022/03/24 05:16:31 UTC

svn commit: r1899164 - /spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm

Author: hege
Date: Thu Mar 24 05:16:31 2022
New Revision: 1899164

URL: http://svn.apache.org/viewvc?rev=1899164&view=rev
Log:
Bug 7958 - Allow '#' in paths when untainting

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm?rev=1899164&r1=1899163&r2=1899164&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm Thu Mar 24 05:16:31 2022
@@ -276,7 +276,7 @@ sub untaint_file_path {
   # Barry Jaspan: allow ~ and spaces, good for Windows.
   # Also return '' if input is '', as it is a safe path.
   # Bug 7264: allow also parenthesis, e.g. "C:\Program Files (x86)"
-  my $chars = '-_A-Za-z0-9.%=+,/:()\\@\\xA0-\\xFF\\\\';
+  my $chars = '-_A-Za-z0-9.#%=+,/:()\\@\\xA0-\\xFF\\\\';
   my $re = qr{^\s*([$chars][${chars}~ ]*)\z};
 
   if ($path =~ $re) {