diff options
author | wurblzap%gmail.com <> | 2006-10-21 03:52:24 +0200 |
---|---|---|
committer | wurblzap%gmail.com <> | 2006-10-21 03:52:24 +0200 |
commit | ea2d2a47281ac947297587c2619df190bf3c23c4 (patch) | |
tree | 61367f4bdb2fa5d419a0aedd29e675b5801c3d83 /Bugzilla/Util.pm | |
parent | c2f38f17cfa3aad8a13ee6eb02944b52d9e79037 (diff) | |
download | bugzilla-ea2d2a47281ac947297587c2619df190bf3c23c4.tar.gz bugzilla-ea2d2a47281ac947297587c2619df190bf3c23c4.tar.xz |
Bug 340538: Insecure dependency in exec while running with -T switch at /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16.
Patch by Marc Schumann <wurblzap@gmail.com>,
r=LpSolit, a=myk
Diffstat (limited to 'Bugzilla/Util.pm')
-rw-r--r-- | Bugzilla/Util.pm | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index d346d2547..4a87ff042 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -456,6 +456,10 @@ sub validate_email_syntax { my ($addr) = @_; my $match = Bugzilla->params->{'emailregexp'}; my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/); + if ($ret) { + # We assume these checks to suffice to consider the address untainted. + trick_taint($_[0]); + } return $ret ? 1 : 0; } @@ -893,6 +897,7 @@ and tokens. Do a syntax checking for a legal email address and returns 1 if the check is successful, else returns 0. +Untaints C<$email> if successful. =item C<validate_date($date)> |