From 2a609ad58ffde7e3b03b3fb576c0012e99beba55 Mon Sep 17 00:00:00 2001 From: "bbaetz%student.usyd.edu.au" <> Date: Wed, 10 Jul 2002 06:40:31 +0000 Subject: bug 155861 - showdependancygraph.cgi fails taint check with local dot installation r=gerv, myk --- showdependencygraph.cgi | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'showdependencygraph.cgi') diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index cf2122540..2a5d20f6c 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -75,8 +75,6 @@ if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) { exit; } -mkdir("data/webdot", 0777); - my $filename = "data/webdot/$$.dot"; my $urlbase = Param('urlbase'); @@ -189,10 +187,13 @@ if ($webdotbase =~ /^https?:/) { # Cleanup any old .dot files created from previous runs. my $since = time() - 24 * 60 * 60; -foreach my $f (glob("data/webdot/*.dot - data/webdot/*.png - data/webdot/*.map")) +# Can't use glob, since even calling that fails taint checks for perl < 5.6 +opendir(DIR, "data/webdot/"); +my @files = grep { /\.dot$|\.png$|\.map$/ && -f "data/webdot/$_" } readdir(DIR); +closedir DIR; +foreach my $f (@files) { + $f = "data/webdot/$f"; # Here we are deleting all old files. All entries are from the # data/webdot/ directory. Since we're deleting the file (not following # symlinks), this can't escape to delete anything it shouldn't -- cgit v1.2.3-24-g4f1b