Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Ivan Ivlev
bugzilla
Commits
570ca770
Commit
570ca770
authored
Dec 22, 2008
by
mkanat%bugzilla.org
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 470442: Only delete tainted environment variables if we're running in taint mode
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
parent
70b73512
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
9 additions
and
15 deletions
+9
-15
Bugzilla.pm
Bugzilla.pm
+8
-5
checksetup.pl
checksetup.pl
+0
-3
testserver.pl
testserver.pl
+1
-7
No files found.
Bugzilla.pm
View file @
570ca770
...
...
@@ -83,11 +83,14 @@ use constant SHUTDOWNHTML_EXIT_SILENTLY => [
sub
init_page
{
(
binmode
STDOUT
,
':utf8'
)
if
Bugzilla
->
params
->
{
'utf8'
};
# Some environment variables are not taint safe
delete
@::ENV
{
'PATH'
,
'IFS'
,
'CDPATH'
,
'ENV'
,
'BASH_ENV'
};
# Some modules throw undefined errors (notably File::Spec::Win32) if
# PATH is undefined.
$ENV
{
'PATH'
}
=
''
;
if
(
$
{
^
TAINT
})
{
# Some environment variables are not taint safe
delete
@::ENV
{
'PATH'
,
'IFS'
,
'CDPATH'
,
'ENV'
,
'BASH_ENV'
};
# Some modules throw undefined errors (notably File::Spec::Win32) if
# PATH is undefined.
$ENV
{
'PATH'
}
=
''
;
}
# IIS prints out warnings to the webpage, so ignore them, or log them
# to a file if the file exists.
...
...
checksetup.pl
View file @
570ca770
...
...
@@ -95,10 +95,7 @@ exit if $switch{'check-modules'};
# then instead of our nice normal checksetup message, the user would
# get a cryptic perl error about the missing module.
# We need $::ENV{'PATH'} to remain defined.
my
$env
=
$::ENV
{
'PATH'
};
require
Bugzilla
;
$::ENV
{
'PATH'
}
=
$env
;
require
Bugzilla::
Config
;
import
Bugzilla::
Config
qw(:admin)
;
...
...
testserver.pl
View file @
570ca770
...
...
@@ -21,13 +21,7 @@
use
strict
;
use
lib
qw(. lib)
;
BEGIN
{
my
$envpath
=
$ENV
{
'PATH'
};
require
Bugzilla
;
# $ENV{'PATH'} is required by the 'ps' command to run correctly.
$ENV
{
'PATH'
}
=
$envpath
;
}
use
Bugzilla
;
use
Bugzilla::
Constants
;
use
Socket
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment