You are viewing a plain text version of this content. The canonical link for it is here.

Posted to test-cvs@httpd.apache.org by st...@apache.org on 2004/12/08 06:52:19 UTC

svn commit: r111218 - /httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm

Author: stas
Date: Tue Dec  7 21:52:19 2004
New Revision: 111218

URL: http://svn.apache.org/viewcvs?view=rev&rev=111218
Log:
properly untaint path on win32 (different separator: ';')
move the untaint code into its own wrapper: untaint_path()
contributed by: Randy Kobes 

Modified:
   httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm

Modified: httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm
Url: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm?view=diff&rev=111218&p1=httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm&r1=111217&p2=httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm&r2=111218
==============================================================================
--- httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm	(original)
+++ httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm	Tue Dec  7 21:52:19 2004
@@ -1045,11 +1045,7 @@
     my($self, $cmd) = @_;
     # untaint some %ENV fields
     local @ENV{ qw(IFS CDPATH ENV BASH_ENV) };
-
-    # Temporarily untaint PATH
-    (local $ENV{PATH}) = ( $ENV{PATH} =~ /(.*)/ );
-    # -T disallows relative directories in the PATH
-    $ENV{PATH} = join ':', grep !/^\./, split /:/, $ENV{PATH};
+    local $ENV{PATH} = untaint_path($ENV{PATH});
 
     # launder for -T
     $cmd = $1 if $cmd =~ /(.*)/;
@@ -1663,7 +1659,8 @@
     return unless $self->{APXS};
     my $val;
     unless (exists $self->{_apxs}{$q}) {
-        local @ENV{ qw(PATH IFS CDPATH ENV BASH_ENV) };
+        local @ENV{ qw(IFS CDPATH ENV BASH_ENV) };
+        local $ENV{PATH} = untaint_path($ENV{PATH});
         my $devnull = devnull();
         my $apxs = shell_ready($self->{APXS});
         $val = qx($apxs -q $q 2>$devnull);
@@ -1682,6 +1679,17 @@
         }
     }
     $self->{_apxs}{$q};
+}
+
+# Temporarily untaint PATH
+sub untaint_path {
+    my $path = shift;
+    ($path) = ( $path =~ /(.*)/ );
+    # win32 uses ';' for a path separator, assume others use ':'
+    my $sep = WIN32 ? ';' : ':';
+    # -T disallows relative directories in the PATH
+    $path = join $sep, grep !/^\./, split /$sep/, $path;
+    return $path;
 }
 
 sub pop_dir {