From: jocuri%softhome.net <>
Date: Sun, 19 Oct 2003 05:46:22 +0000 (+0000)
Subject: Bug 221977: Insecure dependency in require while running with -T switch at Bugzilla... 
X-Git-Tag: bugzilla-2.17.5~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fb505eb4677ff52a7e03e75996812d687df8ff5;p=thirdparty%2Fbugzilla.git

Bug 221977: Insecure dependency in require while running with -T switch at Bugzilla/Auth.pm; patch by Dave Miller (justdave@bugzilla.org); r=gerv; a=justdave.
---

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 902ae0f051..21d4409604 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -29,6 +29,12 @@ use Bugzilla::Constants;
 # 'inherit' from the main loginmethod
 BEGIN {
     my $loginmethod = Param("loginmethod");
+    if ($loginmethod =~ /^([A-Za-z0-9_\.\-]+)$/) {
+        $loginmethod = $1;
+    }
+    else {
+        die "Badly-named loginmethod '$loginmethod'";
+    }
     require "Bugzilla/Auth/" . $loginmethod . ".pm";
 
     our @ISA;