From 2a609ad58ffde7e3b03b3fb576c0012e99beba55 Mon Sep 17 00:00:00 2001
From: "bbaetz%student.usyd.edu.au" <>
Date: Wed, 10 Jul 2002 06:40:31 +0000
Subject: bug 155861 - showdependancygraph.cgi fails taint check with local dot
 installation r=gerv, myk

---
 showdependencygraph.cgi | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'showdependencygraph.cgi')

diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index cf2122540..2a5d20f6c 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -75,8 +75,6 @@ if (!defined($::FORM{'id'}) && !defined($::FORM{'doall'})) {
     exit;
 }    
 
-mkdir("data/webdot", 0777);
-
 my $filename = "data/webdot/$$.dot";
 my $urlbase = Param('urlbase');
 
@@ -189,10 +187,13 @@ if ($webdotbase =~ /^https?:/) {
 
 # Cleanup any old .dot files created from previous runs.
 my $since = time() - 24 * 60 * 60;
-foreach my $f (glob("data/webdot/*.dot 
-                     data/webdot/*.png 
-                     data/webdot/*.map"))
+# Can't use glob, since even calling that fails taint checks for perl < 5.6
+opendir(DIR, "data/webdot/");
+my @files = grep { /\.dot$|\.png$|\.map$/ && -f "data/webdot/$_" } readdir(DIR);
+closedir DIR;
+foreach my $f (@files)
 {
+    $f = "data/webdot/$f";
     # Here we are deleting all old files. All entries are from the
     # data/webdot/ directory. Since we're deleting the file (not following
     # symlinks), this can't escape to delete anything it shouldn't
-- 
cgit v1.2.3-24-g4f1b