From c594d00a40b52ef03e46e1499d74c55065b52857 Mon Sep 17 00:00:00 2001 From: "bbaetz%student.usyd.edu.au" <> Date: Tue, 16 Apr 2002 15:25:52 +0000 Subject: Bug 125427 - Taint error in duplicates.cgi with perl < 5.6 r=gerv, myk --- duplicates.cgi | 58 +++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 19 deletions(-) diff --git a/duplicates.cgi b/duplicates.cgi index a85eb6bb7..11eb52f49 100755 --- a/duplicates.cgi +++ b/duplicates.cgi @@ -69,20 +69,36 @@ $sortby = "count" if $sortby eq "dup_count"; my $today = days_ago(0); my $yesterday = days_ago(1); -if () { - dbmopen(%dbmcount, "data/duplicates/dupes$today", 0644) - || DisplayError("Can't open today ($today)'s dupes file: $!") - && exit; -} -elsif () { - dbmopen(%dbmcount, "data/duplicates/dupes$yesterday", 0644) - || DisplayError("Can't open yesterday ($yesterday)'s dupes file: $!") - && exit; -} -else { - DisplayError("There are no duplicate statistics for today ($today) or - yesterday."); - exit; +# We don't know the exact file name, because the extention depends on the +# underlying dbm library, which could be anything. We can't glob, because +# perl < 5.6 considers if (<*>) { ... } to be tainted +# Instead, just check the return value for today's data and yesterday's, +# and ignore file not found errors + +use Errno; +use Fcntl; + +if (!tie(%dbmcount, 'AnyDBM_File', "data/duplicates/dupes$today", + O_RDONLY, 0644)) { + if ($!{ENOENT}) { + if (!tie(%dbmcount, 'AnyDBM_File', "data/duplicates/dupes$yesterday", + O_RDONLY, 0644)) { + if ($!{ENOENT}) { + ThrowUserError("There are no duplicate statistics for today " . + "($today) or yesterday.", + "Cannot find duplicate statistics"); + } else { + ThrowUserError("There are no duplicate statistics for today " . + "($today), and an error occurred when " . + "accessing yesterday's dupes file: $!.", + "Error reading yesterday's dupes file"); + } + } + } else { + ThrowUserError("An error occurred when accessing today ($today)'s " . + "dupes file: $!.", + "Error reading today's dupes file"); + } } # Copy hash (so we don't mess up the on-disk file when we remove entries) @@ -101,11 +117,15 @@ my $dobefore = 0; my %delta; my $whenever = days_ago($changedsince); -if () { - dbmopen(%before, "data/duplicates/dupes$whenever", 0644) - || DisplayError("Can't open $changedsince days ago ($whenever)'s " . - "dupes file: $!"); - +if (!tie(%before, 'AnyDBM_File', "data/duplicates/dupes$whenever", + O_RDONLY, 0644)) { + # Ignore file not found errors + if (!$!{ENOENT}) { + ThrowUserError("Can't open $changedsince days ago ($whenever)'s " . + "dupes file: $!", + "Error reading previous dupes file"); + } +} else { # Calculate the deltas ($delta{$_} = $count{$_} - $before{$_}) foreach (keys(%count)); -- cgit v1.2.1