From 1f2af64c1fb0d1a45d932c5708d0c53f03c89278 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Tue, 8 Apr 2008 16:07:23 +0000 Subject: =?UTF-8?q?Bug=20416382:=20Adding=20an=20attachment=20with=20Perl?= =?UTF-8?q?=205.10=20and=20CGI.pm=20<=203.33=20throws=20a=20taint=20error?= =?UTF-8?q?=20-=20Patch=20by=20Fr=C3=83=C2=A9d=C3=83=C2=A9ric=20Buclin=20=20r/a=3Dmkanat?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Install/Requirements.pm | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/Bugzilla/Install/Requirements.pm b/Bugzilla/Install/Requirements.pm index 558db88e2..0bfa9ec87 100644 --- a/Bugzilla/Install/Requirements.pm +++ b/Bugzilla/Install/Requirements.pm @@ -54,11 +54,14 @@ use Bugzilla::Constants; # are 'blacklisted'--that is, even if the version is high enough, Bugzilla # will refuse to say that it's OK to run with that version. sub REQUIRED_MODULES { + my $perl_ver = sprintf('%vd', $^V); my @modules = ( { package => 'CGI', module => 'CGI', - version => '2.93' + # Perl 5.10 requires CGI 3.33 due to a taint issue when + # uploading attachments, see bug 416382. + version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.33' : '2.93' }, { package => 'TimeDate', @@ -222,16 +225,20 @@ sub OPTIONAL_MODULES { version => '1.999022', feature => 'mod_perl' }, + ); + # Even very new releases of perl (5.8.5) don't come with this version, # so I didn't want to make it a general requirement just for # running under mod_cgi. - { - package => 'CGI', - module => 'CGI', - version => '3.11', - feature => 'mod_perl' - }, - ); + # If Perl 5.10 is installed, then CGI 3.33 is already required. So this + # check is only relevant with Perl 5.8.x. + my $perl_ver = sprintf('%vd', $^V); + if (vers_cmp($perl_ver, '5.10') < 0) { + push(@modules, { package => 'CGI', + module => 'CGI', + version => '3.11', + feature => 'mod_perl' }); + } my $all_modules = _get_extension_requirements( 'OPTIONAL_MODULES', \@modules); -- cgit v1.2.1