-rw-r--r-- | Bugzilla.pm | 3 | ||||
-rw-r--r-- | Bugzilla/CGI.pm | 18 | ||||
-rwxr-xr-x | checksetup.pl | 14 | ||||
-rw-r--r-- | globals.pl | 26 |
4 files changed, 22 insertions, 39 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index 349b05f5f..a100c0cff 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -59,6 +59,9 @@ use constant SHUTDOWNHTML_EXIT_SILENTLY => [ # Global Code ##################################################################### +# Some environment variables are not taint safe +delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; + # If Bugzilla is shut down, do not allow anything to run, just display a # message to the user about the downtime and log out. Scripts listed in # SHUTDOWNHTML_EXEMPT are exempt from this message. diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index bc2d39b99..b578b617c 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -45,6 +45,24 @@ use Bugzilla::Config; # We need to disable output buffering - see bug 179174 $| = 1; +# Ignore SIGTERM and SIGPIPE - this prevents DB corruption. If the user closes +# their browser window while a script is running, the webserver sends these +# signals, and we don't want to die half way through a write. +$::SIG{TERM} = 'IGNORE'; +$::SIG{PIPE} = 'IGNORE'; + +# The following subroutine is for debugging purposes only. +# Uncommenting this sub and the $::SIG{__DIE__} trap underneath it will +# cause any fatal errors to result in a call stack trace to help track +# down weird errors. +#sub die_with_dignity { +# use Carp; # for confess() +# my ($err_msg) = @_; +# print $err_msg; +# confess($err_msg); +#} +#$::SIG{__DIE__} = \&die_with_dignity; + # CGI.pm uses AUTOLOAD, but explicitly defines a DESTROY sub. # We need to do so, too, otherwise perl dies when the object is destroyed # and we don't have a DESTROY method (because CGI.pm's AUTOLOAD will |die| diff --git a/checksetup.pl b/checksetup.pl index 7e7f7b4e1..f5380e22e 100755 --- a/checksetup.pl +++ b/checksetup.pl 
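Review bot: The `delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};` added to Bugzilla.pm's global code removes PATH, but the `$::ENV{'PATH'} = '';` assignment that followed it in globals.pl is dropped by this commit, so PATH ends up undefined rather than set to a known value. An unset PATH should still pass the taint check, but it leaves any later lookup of a bare command name to the platform's default search path, and the removed globals.pl comment says Cwd.pm in perl 5.6.1 warns on every system call when PATH is undefined. Consider following the delete with an explicit assignment, either `$::ENV{'PATH'} = '';` as before or a fixed list of trusted directories appropriate to the installation, plus a comment such as `# Set PATH to a known value; never inherit it from the web server`.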
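Review bot: Setting `$::SIG{TERM} = 'IGNORE';` at load time in Bugzilla/CGI.pm makes every process that loads this module ignore a polite termination request, so a runaway or very slow request can only be stopped with SIGKILL, which is exactly the mid-write kill the comment wants to avoid. The comment should state that trade-off, for example `# NOTE: with SIGTERM ignored, the web server's timeout/SIGKILL is the only backstop for a stuck script`. Scripts that wrote to the database after loading globals.pl but do not load Bugzilla::CGI would also lose the protection with this move; whether any exist is not visible in this diff. Separately, the commented-out `die_with_dignity` prints `$err_msg` and a stack trace to the response, so its comment could say `# Never enable on a production site: it exposes internal paths and call stacks to the client`.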
@@ -1500,24 +1500,12 @@ import Bugzilla::User qw(insert_new_user); require Bugzilla::Bug; import Bugzilla::Bug qw(is_open_state); -# globals.pl clears the PATH, but File::Find uses Cwd::cwd() instead of -# Cwd::getcwd(), which we need to do because `pwd` isn't in the path - see -# http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2001-09/msg00115.html -# As a workaround, since we only use File::Find in checksetup, which doesn't -# run in taint mode anyway, preserve the path... -my $origPath = $::ENV{'PATH'}; - # Use the Bugzilla utility library for various functions. We do this # here rather than at the top of the file so globals.pl doesn't define # localconfig variables for us before we get a chance to check for -# their existence and create them if they don't exist. Also, globals.pl -# removes $ENV{'path'}, which we need in order to run `which mysql` above. +# their existence and create them if they don't exist. require "globals.pl"; -# ...and restore it. This doesn't change tainting, so this will still cause -# errors if this script ever does run with -T. -$::ENV{'PATH'} = $origPath; - ########################################################################### # Check Database setup ########################################################################### diff --git a/globals.pl b/globals.pl index 9d47c6d78..64d35f303 100644 --- a/globals.pl +++ b/globals.pl 
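Review bot: Dropping the `$origPath` save/restore around `require "globals.pl";` assumes nothing else in checksetup.pl clears PATH, but this same commit moves the `delete @::ENV{'PATH', ...}` into Bugzilla.pm's global code, which runs as soon as anything loads Bugzilla.pm. If Bugzilla::User, Bugzilla::Bug or globals.pl pull in Bugzilla.pm (not visible in this hunk), PATH is still removed and now never restored, so the File::Find / `Cwd::cwd()` problem described in the removed comment would return. Either keep `my $origPath = $::ENV{'PATH'};` and `$::ENV{'PATH'} = $origPath;` around the first load of Bugzilla.pm, or confirm that checksetup.pl needs no external command lookup after that point. Restoring the inherited PATH is tolerable here only because, as the removed comment notes, checksetup.pl does not run in taint mode; keep a comment saying so.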
@@ -67,32 +67,6 @@ use Date::Parse; # For str2time(). # Use standard Perl libraries for cross-platform file/directory manipulation. use File::Spec; - -# Some environment variables are not taint safe -delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - -# Cwd.pm in perl 5.6.1 gives a warning if $::ENV{'PATH'} isn't defined -# Set this to '' so that we don't get warnings cluttering the logs on every -# system call -$::ENV{'PATH'} = ''; - -# Ignore SIGTERM and SIGPIPE - this prevents DB corruption. If the user closes -# their browser window while a script is running, the webserver sends these -# signals, and we don't want to die half way through a write. -$::SIG{TERM} = 'IGNORE'; -$::SIG{PIPE} = 'IGNORE'; - -# The following subroutine is for debugging purposes only. -# Uncommenting this sub and the $::SIG{__DIE__} trap underneath it will -# cause any fatal errors to result in a call stack trace to help track -# down weird errors. -#sub die_with_dignity { -# use Carp; # for confess() -# my ($err_msg) = @_; -# print $err_msg; -# confess($err_msg); -#} -#$::SIG{__DIE__} = \&die_with_dignity; # XXXX - this needs to go away sub GenerateVersionTable { |