author | mkanat%bugzilla.org <> | 2009-11-02 15:50:18 +0100 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2009-11-02 15:50:18 +0100 |
commit | e0deda7524d6389ecb93d291c4f6951039f1a086 (patch) | |
tree | 72ff0fc43004ec1f83862390406c3553633c62ab | |
parent | 81ee29e716aa161a9a53301239ae19a39baec482 (diff) | |
Bug 518404: Make email_in.pl run in taint mode
Patch by Vitaliy Filippov <vitalif@yourcmc.ru> r=mkanat, a=mkanat
-rwxr-xr-x[-rw-r--r--] | email_in.pl | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/email_in.pl b/email_in.pl index f06dd0e31..1ec2a19df 100644..100755 --- a/email_in.pl +++ b/email_in.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl -wT # -*- Mode: perl; indent-tabs-mode: nil -*- # # The contents of this file are subject to the Mozilla Public @@ -26,7 +26,11 @@ use warnings; # run from this one so that it can find its modules. use Cwd qw(abs_path); use File::Basename qw(dirname); -BEGIN { chdir dirname(abs_path($0)); } +BEGIN { + # Untaint the abs_path. + my ($a) = abs_path($0) =~ /^(.*)$/; + chdir dirname($a); +} use lib qw(. lib); @@ -503,7 +507,7 @@ normal Bugzilla interface. So, for example, you cannot reassign a bug and change its status at the same time. The email interface only accepts emails that are correctly formatted -perl RFC2822. If you send it an incorrectly formatted message, it +per RFC2822. If you send it an incorrectly formatted message, it may behave in an unpredictable fashion. You cannot send an HTML mail along with attachments. If you do, Bugzilla |
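Review bot: The switch to `#!/usr/bin/perl -wT` in the first hunk changes how the script may be invoked, and nothing in the patch documents it. Once `-T` is on the shebang line, perl refuses to start the script when it is run as `perl email_in.pl` without `-T` on the command line, so any mail-delivery configuration that calls it through the interpreter stops working. The mode change to 100755 in this same diff makes direct execution possible, which avoids the problem; please say in the POD that the script has to be executed directly or with `perl -T`.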
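Review bot: In the BEGIN block of the second hunk, `/^(.*)$/` accepts whatever `abs_path($0)` returns, so it launders the taint flag rather than validating the path, and the result is used unchecked. If `abs_path` returns undef, or the path contains a newline (`.` does not match one, so the match fails), `$a` is undef and `chdir` silently goes somewhere other than the script directory. The following `use lib qw(. lib)` then resolves against the wrong working directory. Suggest dying when the match fails and checking the return value of `chdir`, for example `chdir dirname($path) or die "chdir: $!";`. The lexical should also be renamed, since `my ($a)` shadows the `$a` that `sort` uses.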