Bug 518404: Make email_in.pl run in taint mode

Patch by Vitaliy Filippov <vitalif@yourcmc.ru> r=mkanat, a=mkanat

Bug 518404: Make email_in.pl run in taint mode
e0deda75 · mkanat%bugzilla.org · 81ee29e7 · e0deda75
Commit e0deda75 authored Nov 02, 2009 by mkanat%bugzilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

email_in.pl email_in.pl +7 -3

No files found.
--- a/email_in.pl
+++ b/email_in.pl
-#!/usr/bin/perl -w
+#!/usr/bin/perl -wT
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
@@ -26,7 +26,11 @@ use warnings;
 # run from this one so that it can find its modules.
 use Cwd qw(abs_path);
 use File::Basename qw(dirname);
-BEGIN { chdir dirname(abs_path($0)); }
+BEGIN {
+    # Untaint the abs_path.
+    my ($a) = abs_path($0) =~ /^(.*)$/;
+    chdir dirname($a);
+}

 use lib qw(. lib);

@@ -503,7 +507,7 @@ normal Bugzilla interface. So, for example, you cannot reassign
 a bug and change its status at the same time.

 The email interface only accepts emails that are correctly formatted
-perl RFC2822. If you send it an incorrectly formatted message, it
+per RFC2822. If you send it an incorrectly formatted message, it
 may behave in an unpredictable fashion.

 You cannot send an HTML mail along with attachments. If you do, Bugzilla