Commit 570ca770 authored by mkanat%bugzilla.org's avatar mkanat%bugzilla.org

Bug 470442: Only delete tainted environment variables if we're running in taint mode

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
parent 70b73512
......@@ -83,11 +83,14 @@ use constant SHUTDOWNHTML_EXIT_SILENTLY => [
sub init_page {
(binmode STDOUT, ':utf8') if Bugzilla->params->{'utf8'};
if (${^TAINT}) {
# Some environment variables are not taint safe
delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Some modules throw undefined errors (notably File::Spec::Win32) if
# PATH is undefined.
$ENV{'PATH'} = '';
}
# IIS prints out warnings to the webpage, so ignore them, or log them
# to a file if the file exists.
......
......@@ -95,10 +95,7 @@ exit if $switch{'check-modules'};
# then instead of our nice normal checksetup message, the user would
# get a cryptic perl error about the missing module.
# We need $::ENV{'PATH'} to remain defined.
my $env = $::ENV{'PATH'};
require Bugzilla;
$::ENV{'PATH'} = $env;
require Bugzilla::Config;
import Bugzilla::Config qw(:admin);
......
......@@ -21,13 +21,7 @@
use strict;
use lib qw(. lib);
BEGIN {
my $envpath = $ENV{'PATH'};
require Bugzilla;
# $ENV{'PATH'} is required by the 'ps' command to run correctly.
$ENV{'PATH'} = $envpath;
}
use Bugzilla;
use Bugzilla::Constants;
use Socket;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment