From e0deda7524d6389ecb93d291c4f6951039f1a086 Mon Sep 17 00:00:00 2001 From: "mkanat%bugzilla.org" <> Date: Mon, 2 Nov 2009 14:50:18 +0000 Subject: Bug 518404: Make email_in.pl run in taint mode Patch by Vitaliy Filippov r=mkanat, a=mkanat --- email_in.pl | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) mode change 100644 => 100755 email_in.pl (limited to 'email_in.pl') diff --git a/email_in.pl b/email_in.pl old mode 100644 new mode 100755 index f06dd0e31..1ec2a19df --- a/email_in.pl +++ b/email_in.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl -wT # -*- Mode: perl; indent-tabs-mode: nil -*- # # The contents of this file are subject to the Mozilla Public @@ -26,7 +26,11 @@ use warnings; # run from this one so that it can find its modules. use Cwd qw(abs_path); use File::Basename qw(dirname); -BEGIN { chdir dirname(abs_path($0)); } +BEGIN { + # Untaint the abs_path. + my ($a) = abs_path($0) =~ /^(.*)$/; + chdir dirname($a); +} use lib qw(. lib); @@ -503,7 +507,7 @@ normal Bugzilla interface. So, for example, you cannot reassign a bug and change its status at the same time. The email interface only accepts emails that are correctly formatted -perl RFC2822. If you send it an incorrectly formatted message, it +per RFC2822. If you send it an incorrectly formatted message, it may behave in an unpredictable fashion. You cannot send an HTML mail along with attachments. If you do, Bugzilla -- cgit v1.2.3-24-g4f1b
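Review bot: Delivery rules that start this script as `perl email_in.pl` will stop working once `-T` is on the shebang line (first hunk, `@@ -1,4 +1,4 @@`). Perl rejects a `-T` that it first sees on the #! line and exits before any mail is processed. The mode change to 100755 suggests direct execution is intended, but nothing visible in this patch tells administrators to update existing MTA or procmail entries. I would add a sentence to the script's POD such as `This script runs in taint mode; execute it directly or as "perl -T email_in.pl".` Whether the POD already covers invocation cannot be seen from these hunks.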
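Review bot: In the BEGIN block of the second hunk, `/^(.*)$/` accepts any single-line string, so it clears the taint flag on `abs_path($0)` without validating anything. The `chdir` result is also ignored, so if it fails, `use lib qw(. lib)` resolves against whatever directory the MTA started the script in. If trusting the script's own location is the intent, the comment should say so, e.g. `# $0 is our own path as invoked by the MTA; we trust it only to locate our modules.` The block should also fail closed with `chdir dirname($script_path) or die "Cannot chdir to script directory: $!";`, after confirming the captured path is non-empty. Naming the lexical `$script_path` rather than `$a` also avoids shadowing perl's sort variable.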