Posted to commits@spamassassin.apache.org by mm...@apache.org on 2015/11/13 00:59:41 UTC

svn commit: r1714143 - /spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm

Author: mmartinec
Date: Thu Nov 12 23:59:41 2015
New Revision: 1714143

URL: http://svn.apache.org/viewvc?rev=1714143&view=rev
Log:
Bug 7264 - Allow '(' and ')' in paths when untainting

Modified:
    spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm

Modified: spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm?rev=1714143&r1=1714142&r2=1714143&view=diff
==============================================================================
--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/Util.pm Thu Nov 12 23:59:41 2015
@@ -238,10 +238,11 @@ sub untaint_file_path {
   return '' if ($path eq '');
 
   local ($1);
-  # Barry Jaspan: allow ~ and spaces, good for Windows.  Also return ''
-  # if input is '', as it is a safe path.
-  my $chars = '-_A-Za-z0-9\xA0-\xFF\.\%\@\=\+\,\/\\\:';
-  my $re = qr/^\s*([$chars][${chars}~ ]*)$/o;
+  # Barry Jaspan: allow ~ and spaces, good for Windows.
+  # Also return '' if input is '', as it is a safe path.
+  # Bug 7264: allow also parenthesis, e.g. "C:\Program Files (x86)"
+  my $chars = '-_A-Za-z0-9.%=+,/:()\\@\\xA0-\\xFF\\\\';
+  my $re = qr{^\s*([$chars][${chars}~ ]*)\z}o;
 
   if ($path =~ $re) {
     $path = $1;
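Review bot: The widened `$chars` class now lets `(` and `)` through a function whose result is marked untainted, and both are shell metacharacters, so the comment block above `$chars` should state that the returned path is only safe for non-shell use. A line such as `# NOTE: result may contain spaces, ~ and parentheses; never interpolate it into a shell command string, use list-form system/exec or three-arg open` would make that contract explicit; whether any caller currently passes the path through a shell cannot be seen from this hunk. The switch from `$` to `\z` in `$re` also tightens matching: a path ending in a newline was previously accepted with the newline dropped and is now rejected, which deserves a mention in the comment or the log message. untaint_file_path starts before and continues past the hunk, so the handling of the non-matching case is not visible here.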