You are viewing a plain text version of this content. The canonical link for it is here.

Posted to test-cvs@httpd.apache.org by st...@apache.org on 2004/12/04 19:20:03 UTC

svn commit: r109817 - /httpd/test/trunk/perl-framework/Apache-Test/Changes /httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm

Author: stas
Date: Sat Dec  4 10:20:01 2004
New Revision: 109817

URL: http://svn.apache.org/viewcvs?view=rev&rev=109817
Log:
fix the tainting of @INC (by untaintinig top_dir variable)

Modified:
   httpd/test/trunk/perl-framework/Apache-Test/Changes
   httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm

Modified: httpd/test/trunk/perl-framework/Apache-Test/Changes
Url: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/Apache-Test/Changes?view=diff&rev=109817&p1=httpd/test/trunk/perl-framework/Apache-Test/Changes&r1=109816&p2=httpd/test/trunk/perl-framework/Apache-Test/Changes&r2=109817
==============================================================================
--- httpd/test/trunk/perl-framework/Apache-Test/Changes	(original)
+++ httpd/test/trunk/perl-framework/Apache-Test/Changes	Sat Dec  4 10:20:01 2004
@@ -8,7 +8,9 @@
 
 =item 1.17-dev
 
-fix Apache::TestConfig::open_cmd to run properly under -T [Stas]
+resolve -T taint issues: [Stas]
+- untaint $cmd in Apache::TestConfig::open_cmd
+- fix the tainting of @INC (by untaintinig top_dir variable)
 
 require Cwd 2.06 or higher (to solve File::Spec::rel2abs problems
 under -T). Enforce the modules version requirements for those who

Modified: httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm
Url: http://svn.apache.org/viewcvs/httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm?view=diff&rev=109817&p1=httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm&r1=109816&p2=httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm&r2=109817
==============================================================================
--- httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm	(original)
+++ httpd/test/trunk/perl-framework/Apache-Test/lib/Apache/TestConfig.pm	Sat Dec  4 10:20:01 2004
@@ -264,6 +264,9 @@
 
     $vars->{top_dir} ||= fastcwd;
     $vars->{top_dir} = pop_dir($vars->{top_dir}, 't');
+    # untaint as we are going to use it a lot later on in -T sensitive
+    # operations (.e.g @INC)
+    $vars->{top_dir} = $1 if $vars->{top_dir} =~ /(.*)/;
 
     $self->add_inc;
 
@@ -1043,7 +1046,7 @@
     $ENV{PATH} = join ':', grep !/^\./, split /:/, $ENV{PATH};
 
     # launder for -T
-    $cmd =~ /(.*)/; $cmd = $1;
+    $cmd = $1 if $cmd =~ /(.*)/;
 
     my $handle = Symbol::gensym();
     open $handle, "$cmd|" or die "$cmd failed: $!";