Update of /cvsroot/lxr/lxr/lib/LXR/Files
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20746/lxr/lib/LXR/Files
Modified Files:
CVS.pm
Log Message:
Add test cases for Security and for some CVS bugs.
Enable taint mode for mod_perl - should reduce security vulnerabilities
Index: CVS.pm
===================================================================
RCS file: /cvsroot/lxr/lxr/lib/LXR/Files/CVS.pm,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- CVS.pm 2 Sep 2004 18:50:03 -0000 1.32
+++ CVS.pm 4 May 2005 23:21:09 -0000 1.33
@@ -27,17 +27,20 @@
use vars qw(%cvs $cache_filename $gnu_diff);
+$cache_filename = '';
+
sub new {
my ($self, $rootpath) = @_;
$self = bless({}, $self);
$self->{'rootpath'} = $rootpath;
$self->{'rootpath'} =~ s@/*$@/@;
-
+ $self->{'path'} = $config->cvspath;
+
unless (defined $gnu_diff) {
# the rcsdiff command (used in getdiff) uses parameters only supported by GNU diff
- $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin';
+ $ENV{'PATH'} = $self->{'path'};
if (`diff --version 2>/dev/null` =~ /GNU/) {
$gnu_diff = 1;
} else {
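Review bot: The new `$ENV{'PATH'} = $self->{'path'};` in `new` takes the command search path straight from `$config->cvspath`, with no check before the backtick call to `diff --version`. If the option is unset, PATH becomes undef. If it names a relative or widely writable directory, the protection this commit wants from taint mode is weakened. I would validate and reassign from the capture, for example `$self->{'path'} =~ m{\A(/[^:]*(?::/[^:]*)*)\z} or die "cvspath must list absolute directories"; $ENV{'PATH'} = $1;`. Taint mode also refuses to run backticks while `IFS`, `CDPATH`, `ENV` or `BASH_ENV` are set from the environment, so `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` belongs next to the PATH assignment. `$config` is not declared in the visible lines, and the body of `new` continues past the end of the hunk.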
@@ -169,7 +172,7 @@
$clean_filename =~ /(.*)/;
$clean_filename = $1; # technically untaint here (cleanstring did the real untainting)
- $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin';
+ $ENV{'PATH'} = $self->{'path'};
open($fileh, "-|", "co -q -p$rev $clean_filename");
die("Error executing \"co\"; rcs not installed?") unless $fileh;
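Review bot: The `open($fileh, "-|", "co -q -p$rev $clean_filename")` call directly after the changed PATH line passes a single interpolated string, so Perl hands it to the shell whenever it contains metacharacters. The `/(.*)/` capture above it clears the taint flag without restricting the content, which leaves `cleanstring` (not visible here) as the only barrier once taint mode is on, and `$rev` is interpolated with no validation visible in the hunk. The list form avoids the shell entirely: `open($fileh, "-|", "co", "-q", "-p$rev", $clean_filename)`. The same applies to the `rcsdiff` call in the next hunk, with `"-r$rev1"` and `"-r$rev2"` passed as separate arguments. The enclosing sub starts and ends outside the hunk.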
@@ -198,7 +201,7 @@
$clean_filename =~ /(.*)/;
$clean_filename = $1; # technically untaint here (cleanstring did the real untainting)
- $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin';
+ $ENV{'PATH'} = $self->{'path'};
open($fileh, "-|", "rcsdiff -q -a -n -r$rev1 -r$rev2 $clean_filename");
die("Error executing \"rcsdiff\"; rcs not installed?") unless $fileh;
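Review bot: The failure check after the `rcsdiff` open, `die(...) unless $fileh;`, tests the handle variable rather than the return value of `open`, so it may not fire when the command cannot be started. `$fileh` can presumably hold a handle reference even after a failed open; where it is declared is not visible here. Checking the call itself also reports the cause: `open($fileh, "-|", ...) or die("Error executing \"rcsdiff\": $!");`. Now that PATH comes from configuration, a wrong `cvspath` is the likely failure, and when the command runs through the shell that only surfaces in the status of `close($fileh)`, which is worth checking too. The `co` open in the previous hunk has the same check.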
|