diff options
author | jocuri%softhome.net <> | 2003-10-19 07:46:22 +0200 |
---|---|---|
committer | jocuri%softhome.net <> | 2003-10-19 07:46:22 +0200 |
commit | 1fb505eb4677ff52a7e03e75996812d687df8ff5 (patch) | |
tree | 9e8e013aa4ae5e3a43bb3c95a925087bfd611659 | |
parent | f297526924af890364685b94ab20c04a253c82a6 (diff) | |
download | bugzilla-1fb505eb4677ff52a7e03e75996812d687df8ff5.tar.gz bugzilla-1fb505eb4677ff52a7e03e75996812d687df8ff5.tar.xz |
Bug 221977: Insecure dependency in require while running with -T switch at Bugzilla/Auth.pm; patch by Dave Miller (justdave@bugzilla.org); r=gerv; a=justdave.
-rw-r--r-- | Bugzilla/Auth.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index 902ae0f05..21d440960 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -29,6 +29,12 @@ use Bugzilla::Constants; # 'inherit' from the main loginmethod BEGIN { my $loginmethod = Param("loginmethod"); + if ($loginmethod =~ /^([A-Za-z0-9_\.\-]+)$/) { + $loginmethod = $1; + } + else { + die "Badly-named loginmethod '$loginmethod'"; + } require "Bugzilla/Auth/" . $loginmethod . ".pm"; our @ISA; |