Bug 470442: Only delete tainted environment variables if we're running in taint mode

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
author: mkanat%bugzilla.org <> 2008-12-22 16:50:50 +0100
committer: mkanat%bugzilla.org <> 2008-12-22 16:50:50 +0100
commit: 570ca770d29d7800f79d6789c2b1142e383a348a (patch)
tree: 7a7e33417c8aef4c66d2e718efa87e75d1ace56e /Bugzilla.pm
parent: 70b735126db509eda6f7d2c8cab64e3293b8319f (diff)
download: bugzilla-570ca770d29d7800f79d6789c2b1142e383a348a.tar.gz
bugzilla-570ca770d29d7800f79d6789c2b1142e383a348a.tar.xz
1 files changed, 8 insertions, 5 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index 354d05148..00740682c 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -83,11 +83,14 @@ use constant SHUTDOWNHTML_EXIT_SILENTLY => [
 sub init_page {
     (binmode STDOUT, ':utf8') if Bugzilla->params->{'utf8'};
 
-    # Some environment variables are not taint safe
-    delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-    # Some modules throw undefined errors (notably File::Spec::Win32) if
-    # PATH is undefined.
-    $ENV{'PATH'} = '';
+
+    if (${^TAINT}) {
+        # Some environment variables are not taint safe
+        delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+        # Some modules throw undefined errors (notably File::Spec::Win32) if
+        # PATH is undefined.
+        $ENV{'PATH'} = '';
+    }
 
     # IIS prints out warnings to the webpage, so ignore them, or log them
     # to a file if the file exists.
author	mkanat%bugzilla.org <>	2008-12-22 16:50:50 +0100
committer	mkanat%bugzilla.org <>	2008-12-22 16:50:50 +0100
commit	570ca770d29d7800f79d6789c2b1142e383a348a (patch)
tree	7a7e33417c8aef4c66d2e718efa87e75d1ace56e /Bugzilla.pm
parent	70b735126db509eda6f7d2c8cab64e3293b8319f (diff)
download	bugzilla-570ca770d29d7800f79d6789c2b1142e383a348a.tar.gz bugzilla-570ca770d29d7800f79d6789c2b1142e383a348a.tar.xz