From 570ca770d29d7800f79d6789c2b1142e383a348a Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Mon, 22 Dec 2008 15:50:50 +0000
Subject: Bug 470442: Only delete tainted environment variables if we're
 running in taint mode Patch By Max Kanat-Alexander <mkanat@bugzilla.org>
 r=LpSolit, a=LpSolit

---
 Bugzilla.pm | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'Bugzilla.pm')

diff --git a/Bugzilla.pm b/Bugzilla.pm
index 354d05148..00740682c 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -83,11 +83,14 @@ use constant SHUTDOWNHTML_EXIT_SILENTLY => [
 sub init_page {
     (binmode STDOUT, ':utf8') if Bugzilla->params->{'utf8'};
 
-    # Some environment variables are not taint safe
-    delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-    # Some modules throw undefined errors (notably File::Spec::Win32) if
-    # PATH is undefined.
-    $ENV{'PATH'} = '';
+
+    if (${^TAINT}) {
+        # Some environment variables are not taint safe
+        delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+        # Some modules throw undefined errors (notably File::Spec::Win32) if
+        # PATH is undefined.
+        $ENV{'PATH'} = '';
+    }
 
     # IIS prints out warnings to the webpage, so ignore them, or log them
     # to a file if the file exists.
-- 
cgit v1.2.3-24-g4f1b