author | bbaetz%student.usyd.edu.au <> | 2002-06-04 12:47:27 +0000 |
---|---|---|
committer | bbaetz%student.usyd.edu.au <> | 2002-06-04 12:47:27 +0000 |
commit | b4c02643fcf1586496bafcdda50e8219dc3fa0df (patch) | |
tree | 73276f17ed04fa1babf3b71caf6a902e41827728 /globals.pl | |
parent | a162877b07097cf590f436aa6ce13ca12d54b0a6 (diff) | |
Bug 143574 - taint errors with alternate formats. Also make data/template
writable for non webservergroup users.
r=myk, justdave
Diffstat (limited to 'globals.pl')
-rw-r--r-- | globals.pl | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/globals.pl b/globals.pl
index 637955bd6..99af6ffa4 100644
--- a/globals.pl
+++ b/globals.pl
@@ -1680,7 +1680,15 @@ sub GetOutputFormats {
 # Loop over each file in the sub-directory looking for format files
 # (files whose name looks like SCRIPT-FORMAT.EXT.tmpl).
 foreach my $file (@files) {
- if ($file =~ /^\Q$script\E-(.+)\.(.+)\.(tmpl)$/) {
+ if ($file =~ /^\Q$script\E-(.+)\.(.+)\.tmpl$/) {
+ # This must be a valid file
+ # If an attacker could add a previously unused format
+ # type to trick us into running it, then they could just
+ # change an existing one...
+ # (This implies that running without a webservergroup is
+ # insecure, but that is the case anyway)
+ trick_taint($file);
+
 $formats->{$1} = {
 'template' => $file ,
 'extension' => $2 , |
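Review bot: The added `trick_taint($file)` clears taint on any directory entry that matches two unconstrained `(.+)` groups, so the pattern does not really validate the name that is untainted and then stored as `'template'`. Consider constraining the captures and anchoring with `\z`, so that a name with a trailing newline or unexpected characters never reaches the untaint, e.g. `if ($file =~ /^\Q$script\E-([\w-]+)\.([\w-]+)\.tmpl\z/) {` (assuming format and extension names are meant to be simple tokens). It would also be more robust to copy `$1` and `$2` into lexicals right after the match, because the hash is built from them only after another sub has run. GetOutputFormats starts and ends outside this hunk, so how `@files` is produced and how the stored template name is later used cannot be checked from here.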