Posted to commits@spamassassin.apache.org by mm...@apache.org on 2015/11/13 00:59:41 UTC
svn commit: r1714143 -
/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm
Author: mmartinec
Date: Thu Nov 12 23:59:41 2015
New Revision: 1714143
URL: http://svn.apache.org/viewvc?rev=1714143&view=rev
Log:
Bug 7264 - Allow '(' and ')' in paths when untainting
Modified:
spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm
Modified: spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm?rev=1714143&r1=1714142&r2=1714143&view=diff
==============================================================================
--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm Thu Nov 12 23:59:41 2015
@@ -238,10 +238,11 @@ sub untaint_file_path {
return '' if ($path eq '');
local ($1);
- # Barry Jaspan: allow ~ and spaces, good for Windows. Also return ''
- # if input is '', as it is a safe path.
- my $chars = '-_A-Za-z0-9\xA0-\xFF\.\%\@\=\+\,\/\\\:';
- my $re = qr/^\s*([$chars][${chars}~ ]*)$/o;
+ # Barry Jaspan: allow ~ and spaces, good for Windows.
+ # Also return '' if input is '', as it is a safe path.
+ # Bug 7264: allow also parenthesis, e.g. "C:\Program Files (x86)"
+ my $chars = '-_A-Za-z0-9.%=+,/:()\\@\\xA0-\\xFF\\\\';
+ my $re = qr{^\s*([$chars][${chars}~ ]*)\z}o;
if ($path =~ $re) {
$path = $1;
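Review bot: Adding `(` and `)` to `$chars` lets an untainted path carry shell grouping characters, alongside the space and `~` that the second character class already admits, and once the captured `$1` is assigned back to `$path` Perl's taint checks no longer stop that value from reaching a single-string `system`, backticks or a piped `open`. The callers are not visible in this hunk, so whether any of them builds a command line from the result needs confirming; list-form `system($cmd, @args)` and three-argument `open` keep the path away from the shell. I would record the constraint next to the Bug 7264 comment, e.g. `# NOTE: '(' ')' '~' and space are shell-special; never interpolate the result into a shell command string`. The body of untaint_file_path starts and ends outside the hunk.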