From 9d8e3ef8873724dff896687a783dbd1ff3295297 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Wed, 14 Jun 2006 07:26:27 +0000
Subject: Bug 313255: Move $::ENV{foo} and $::SIG{foo} out of globals.pl -
 Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bugzilla.pm | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Bugzilla.pm')

diff --git a/Bugzilla.pm b/Bugzilla.pm
index 349b05f5f..a100c0cff 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -59,6 +59,9 @@ use constant SHUTDOWNHTML_EXIT_SILENTLY => [
 # Global Code
 #####################################################################
 
+# Some environment variables are not taint safe
+delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
 # If Bugzilla is shut down, do not allow anything to run, just display a
 # message to the user about the downtime and log out.  Scripts listed in 
 # SHUTDOWNHTML_EXEMPT are exempt from this message.
-- 
cgit v1.2.3-24-g4f1b