authormkanat%bugzilla.org <>2009-11-02 15:50:18 +0100
committermkanat%bugzilla.org <>2009-11-02 15:50:18 +0100
commite0deda7524d6389ecb93d291c4f6951039f1a086 (patch)
tree72ff0fc43004ec1f83862390406c3553633c62ab
parent81ee29e716aa161a9a53301239ae19a39baec482 (diff)
Bug 518404: Make email_in.pl run in taint mode
Patch by Vitaliy Filippov <vitalif@yourcmc.ru> r=mkanat, a=mkanat
-rwxr-xr-x[-rw-r--r--]email_in.pl10
1 files changed, 7 insertions, 3 deletions
diff --git a/email_in.pl b/email_in.pl
index f06dd0e31..1ec2a19df 100644..100755
--- a/email_in.pl
+++ b/email_in.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
@@ -26,7 +26,11 @@ use warnings;
# run from this one so that it can find its modules.
use Cwd qw(abs_path);
use File::Basename qw(dirname);
-BEGIN { chdir dirname(abs_path($0)); }
+BEGIN {
+ # Untaint the abs_path.
+ my ($a) = abs_path($0) =~ /^(.*)$/;
+ chdir dirname($a);
+}
use lib qw(. lib);
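Review bot: The untaint in the new BEGIN block validates nothing, because `/^(.*)$/` accepts whatever abs_path($0) returns, so the taint flag is cleared without any check on the path. Two failure cases are also unhandled: the match fails when the path contains a newline (`.` without `/s`), leaving the variable undef, and the return value of chdir is ignored. Since the next line is `use lib qw(. lib)`, a chdir that silently fails would leave those relative @INC entries resolving against the invoking directory. I would require an absolute path and fail loudly, `my ($dir) = dirname(abs_path($0)) =~ m{\A(/.*)\z}s or die "cannot resolve script directory";` followed by `chdir $dir or die "chdir $dir: $!";`. Naming the lexical `$dir` rather than `$a` also avoids shadowing sort's package variable.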
@@ -503,7 +507,7 @@ normal Bugzilla interface. So, for example, you cannot reassign
a bug and change its status at the same time.
The email interface only accepts emails that are correctly formatted
-perl RFC2822. If you send it an incorrectly formatted message, it
+per RFC2822. If you send it an incorrectly formatted message, it
may behave in an unpredictable fashion.
You cannot send an HTML mail along with attachments. If you do, Bugzilla