From 1fb505eb4677ff52a7e03e75996812d687df8ff5 Mon Sep 17 00:00:00 2001
From: "jocuri%softhome.net" <>
Date: Sun, 19 Oct 2003 05:46:22 +0000
Subject: Bug 221977: Insecure dependency in require while running with -T
 switch at Bugzilla/Auth.pm; patch by Dave Miller (justdave@bugzilla.org);
 r=gerv; a=justdave.

---
 Bugzilla/Auth.pm | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'Bugzilla/Auth.pm')

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 902ae0f05..21d440960 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -29,6 +29,12 @@ use Bugzilla::Constants;
 # 'inherit' from the main loginmethod
 BEGIN {
     my $loginmethod = Param("loginmethod");
+    if ($loginmethod =~ /^([A-Za-z0-9_\.\-]+)$/) {
+        $loginmethod = $1;
+    }
+    else {
+        die "Badly-named loginmethod '$loginmethod'";
+    }
     require "Bugzilla/Auth/" . $loginmethod . ".pm";
 
     our @ISA;
-- 
cgit v1.2.3-24-g4f1b