From: mkanat%bugzilla.org <>
Date: Mon, 22 Dec 2008 15:50:50 +0000 (+0000)
Subject: Bug 470442: Only delete tainted environment variables if we're running in taint mode
X-Git-Tag: bugzilla-3.3.1~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=570ca770d29d7800f79d6789c2b1142e383a348a;p=thirdparty%2Fbugzilla.git
Bug 470442: Only delete tainted environment variables if we're running in taint mode Patch By Max Kanat-Alexander r=LpSolit, a=LpSolit
---
diff --git a/Bugzilla.pm b/Bugzilla.pm
index 354d051481..00740682c0 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -83,11 +83,14 @@ use constant SHUTDOWNHTML_EXIT_SILENTLY => [
 sub init_page {
 (binmode STDOUT, ':utf8') if Bugzilla->params->{'utf8'};
- # Some environment variables are not taint safe
- delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
- # Some modules throw undefined errors (notably File::Spec::Win32) if
- # PATH is undefined.
- $ENV{'PATH'} = '';
+
+ if (${^TAINT}) {
+ # Some environment variables are not taint safe
+ delete @::ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+ # Some modules throw undefined errors (notably File::Spec::Win32) if
+ # PATH is undefined.
+ $ENV{'PATH'} = '';
+ }
 # IIS prints out warnings to the webpage, so ignore them, or log them
 # to a file if the file exists.
diff --git a/checksetup.pl b/checksetup.pl
index 74b21dfdac..da368a822c 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -95,10 +95,7 @@ exit if $switch{'check-modules'};
 # then instead of our nice normal checksetup message, the user would
 # get a cryptic perl error about the missing module.
-# We need $::ENV{'PATH'} to remain defined.
-my $env = $::ENV{'PATH'};
 require Bugzilla;
-$::ENV{'PATH'} = $env;
 require Bugzilla::Config;
 import Bugzilla::Config qw(:admin);
diff --git a/testserver.pl b/testserver.pl
index 9b649277ca..d3cab1dc55 100755
--- a/testserver.pl
+++ b/testserver.pl
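Review bot: The `if (${^TAINT})` guard in init_page (Bugzilla.pm hunk) makes the environment scrub depend on how the interpreter was started, and nothing in the hunk records which callers are expected to run without -T. Outside taint mode PATH, IFS, CDPATH, ENV and BASH_ENV now pass through from the caller, so any code that later runs an external command by bare name resolves it against an environment Bugzilla no longer resets. I would state that contract above the guard, for example `# Only taint mode requires this scrub; scripts started without -T keep the caller's environment, so web-facing entry points must run with taint checking on.` Whether every web-facing entry point and any mod_perl configuration actually enables taint checking is not visible here and is worth confirming. The body of init_page continues past the end of this hunk.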
@@ -21,13 +21,7 @@ use strict;
 use lib qw(. lib);
-BEGIN {
- my $envpath = $ENV{'PATH'};
- require Bugzilla;
- # $ENV{'PATH'} is required by the 'ps' command to run correctly.
- $ENV{'PATH'} = $envpath;
-}
-
+use Bugzilla;
 use Bugzilla::Constants;
 use Socket;
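Review bot: Replacing the BEGIN block with `use Bugzilla;` also drops the only comment saying that testserver.pl needs `$ENV{'PATH'}` for the `ps` command, so the script now relies silently on being started without -T. If a taint switch were ever added to its interpreter line, the new guard in Bugzilla.pm would blank PATH and the `ps` lookup would presumably fail with no hint as to why. A short comment next to the import would keep that dependency visible, e.g. `# Must not run with -T: Bugzilla.pm would then clear $ENV{'PATH'}, which the 'ps' command needs.` The lines removed from checksetup.pl have the same effect, since they took `# We need $::ENV{'PATH'} to remain defined.` with them.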