Re: [SQLObject] Fixing debian bug 605185
SQLObject is a Python ORM.
Brought to you by:
ianbicking,
phd
From: Neil M. <drn...@gm...> - 2011-11-01 14:31:55
|
On 1 November 2011 16:07, Oleg Broytman <ph...@ph...> wrote: > On Tue, Nov 01, 2011 at 03:59:23PM +0200, Neil Muller wrote: >> Debian currently has a bug against sqlobject for an insecure use of >> PYTHONPATH in the docs/rebuild script - >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605185 . While it is >> a minor issue, it's easy enough to do the right thing, so seems worth >> fixing. >> >> Patch attached. >> >> -- >> Neil Muller >> drn...@gm... > > Thank you! > >> I've got a gmail account. Why haven't I become cool? > >> Index: docs/rebuild >> =================================================================== >> --- docs/rebuild (revision 4465) >> +++ docs/rebuild (working copy) >> @@ -3,7 +3,7 @@ >> here=`pwd` >> parent=`dirname $here` >> echo "Adding $parent to \$PYTHONPATH" >> -export PYTHONPATH=$parent:$PYTHONPATH >> +export PYTHONPATH=$parent${PYTHONPATH:+:$PYTHONPATH} > > Strange syntax ${PYTHONPATH:+:$PYTHONPATH} . Are you sure? Shouldn't > it be just ${PYTHONPATH:+$PYTHONPATH} ? It does look a little strange, but it is correct. It's the POSIX shell alternate value syntax with ":$PYTHONPATH" as the alternate value. If the ':' is excluded, there's no separator between $parent and $PYTHONPATH when PYTHONPATH is set, and the separator must only be added when PYTHONPATH is already set to fix the bug. -- Neil Muller drn...@gm... I've got a gmail account. Why haven't I become cool? |