author | bbaetz%student.usyd.edu.au <> | 2002-07-10 08:40:31 +0200 |
---|---|---|
committer | bbaetz%student.usyd.edu.au <> | 2002-07-10 08:40:31 +0200 |
commit | 2a609ad58ffde7e3b03b3fb576c0012e99beba55 (patch) | |
tree | 04949298dda64b7a61cca580dabb469693fda3f8 /showdependencygraph.cgi | |
parent | 75082eeb8e619fdd839593f1e74053ccd7d58137 (diff) | |
bug 155861 - showdependancygraph.cgi fails taint check with local dot
installation
r=gerv, myk
Diffstat (limited to 'showdependencygraph.cgi')
-rwxr-xr-x | showdependencygraph.cgi | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index cf2122540..2a5d20f6c 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -75,8 +75,6 @@ if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) {
 exit;
 }
-mkdir("data/webdot", 0777);
-
 my $filename = "data/webdot/$$.dot";
 my $urlbase = Param('urlbase');
@@ -189,10 +187,13 @@ if ($webdotbase =~ /^https?:/) {
 # Cleanup any old .dot files created from previous runs.
 my $since = time() - 24 * 60 * 60;
-foreach my $f (glob("data/webdot/*.dot
- data/webdot/*.png
- data/webdot/*.map"))
+# Can't use glob, since even calling that fails taint checks for perl < 5.6
+opendir(DIR, "data/webdot/");
+my @files = grep { /\.dot$|\.png$|\.map$/ && -f "data/webdot/$_" } readdir(DIR);
+closedir DIR;
+foreach my $f (@files)
 {
+ $f = "data/webdot/$f";
 # Here we are deleting all old files. All entries are from the
 # data/webdot/ directory. Since we're deleting the file (not following
 # symlinks), this can't escape to delete anything it shouldn't |
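Review bot: The result of `opendir(DIR, "data/webdot/")` is never checked, and the first hunk of this commit removes the `mkdir("data/webdot", 0777)` that used to ensure the directory exists. A missing or unreadable directory now leaves `@files` empty and the cleanup silently never runs; I would write `opendir(DIR, "data/webdot/") || die "Can't read data/webdot/: $!";` or skip the cleanup explicitly with a logged warning. The names returned by `readdir` are tainted and the `grep` filter does not untaint them, so the loop body after this hunk presumably has to untaint `$f` wholesale before it deletes anything. Anchoring the filter as `/\.(?:dot|png|map)\z/` would stop `$` from accepting a name that ends in a newline, and untainting from a capture of that pattern would tie the deletion to names that were actually validated. The `foreach` body continues outside the hunk, so the deletion itself is not visible here.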