Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry Perl

author Frédéric Buclin <LpSolit@gmail.com>

Sat, 26 Mar 2016 23:31:42 +0000 (00:31 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Sat, 26 Mar 2016 23:31:42 +0000 (00:31 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Sat, 26 Mar 2016 23:31:42 +0000 (00:31 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Sat, 26 Mar 2016 23:31:42 +0000 (00:31 +0100)
diff --git a/Bugzilla.pm b/Bugzilla.pm

index 9cb15a7eec4d84e1ce09b1159fcf426e0ef56152..e4772e08b8163529fe0bab19ed42c1e85c43804d 100644 (file)
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -96,6 +96,7 @@ sub init_page {
                  my $c_path = $path = dirname($^X);
                  $c_path =~ s/\bperl\b(?=\\bin)/c/;
                  $path .= ";$c_path";
+                trick_taint($path);
              }
          }
          # Some environment variables are not taint safe
author	Frédéric Buclin <LpSolit@gmail.com>
	Sat, 26 Mar 2016 23:31:42 +0000 (00:31 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Sat, 26 Mar 2016 23:31:42 +0000 (00:31 +0100)