From: Frédéric Buclin <LpSolit@gmail.com>
Date: Sat, 26 Mar 2016 23:31:42 +0000 (+0100)
Subject: Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry Perl
X-Git-Tag: release-5.0.3~15
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=28ec15f1723f6d0c9bcceef8f86aa16a68b5fd93;p=thirdparty%2Fbugzilla.git

Bug 987742 (part 2): correctly detaint $ENV{PATH} on Strawberry Perl
---

diff --git a/Bugzilla.pm b/Bugzilla.pm
index 9cb15a7eec..e4772e08b8 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -96,6 +96,7 @@ sub init_page {
                 my $c_path = $path = dirname($^X);
                 $c_path =~ s/\bperl\b(?=\\bin)/c/;
                 $path .= ";$c_path";
+                trick_taint($path);
             }
         }
         # Some environment variables are not taint safe