[Lxr-commits] CVS: lxr/lib/LXR/Files CVS.pm,1.23,1.24
From: Dave B. <bro...@us...> - 2004-07-15 14:41:23
Update of /cvsroot/lxr/lxr/lib/LXR/Files In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15328/lib/LXR/Files Modified Files: CVS.pm Log Message: allow all special characters through http parms so we we can do rexeps. but using taint checking now and handle quotes properly in forms Index: CVS.pm =================================================================== RCS file: /cvsroot/lxr/lxr/lib/LXR/Files/CVS.pm,v retrieving revision 1.23 retrieving revision 1.24 diff -u -d -r1.23 -r1.24 --- CVS.pm 1 Jul 2004 13:57:03 -0000 1.23 +++ CVS.pm 15 Jul 2004 14:41:04 -0000 1.24 @@ -158,11 +158,15 @@ return undef unless defined($self->toreal($filename, $release)); - open($fileh, "-|", "co -q -p$rev ". - $self->cleanstring($self->toreal($filename, $release))); + $rev =~ /([\d\.]*)/; $rev = $1; # untaint + my $clean_filename = $self->cleanstring($self->toreal($filename, $release)); + $clean_filename =~ /(.*)/; $clean_filename = $1; # technically untaint here (cleanstring did the real untainting) + + $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin'; + open($fileh, "-|", "co -q -p$rev $clean_filename"); - die("Error executing \"co\"; rcs not installed?") unless $fileh; - return $fileh; + die("Error executing \"co\"; rcs not installed?") unless $fileh; + return $fileh; } sub getdiff { 
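Review bot: The new pipe `open` still passes a single interpolated string, so the command goes through the shell whenever that string contains a metacharacter, and `$clean_filename =~ /(.*)/` untaints whatever `cleanstring` returned without checking it (it also stops at the first newline, silently truncating the path). `cleanstring` is defined outside this hunk, so its filtering cannot be confirmed from here, and the commit message says more special characters are now allowed through the HTTP parameters. On Perl 5.8 or later the list form keeps the shell out of the picture: `open($fileh, "-|", "co", "-q", "-p$rev", $clean_filename)`; the untaint itself should be an anchored allow-list of the characters repository paths actually use, with a `die` when it does not match. The `rcsdiff` call in the getdiff hunk has the same shape. The enclosing sub starts above this hunk.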
@@ -177,8 +181,13 @@ my $rev2 = $self->filerev($filename, $release2); return undef unless defined($rev2); - open($fileh, "-|", "rcsdiff -q -a -n -r$rev1 -r$rev2 ". - $self->cleanstring($self->toreal($filename, $release1))); + $rev1 =~ /([\d\.]*)/; $rev1 = $1; # untaint + $rev2 =~ /([\d\.]*)/; $rev2 = $1; # untaint + my $clean_filename = $self->cleanstring($self->toreal($filename, $release1)); + $clean_filename =~ /(.*)/; $clean_filename = $1; # technically untaint here (cleanstring did the real untainting) + + $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin'; + open($fileh, "-|", "rcsdiff -q -a -n -r$rev1 -r$rev2 $clean_filename"); die("Error executing \"rcsdiff\"; rcs not installed?") unless $fileh; return $fileh->getlines; |
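Review bot: The revision untaint `$rev1 =~ /([\d\.]*)/; $rev1 = $1;` is unanchored and uses `*`, so it can never fail: a value that does not begin with a digit or dot becomes the empty string and `rcsdiff` is run with a bare `-r`, and anything after the leading digits is dropped without an error. Anchoring the pattern and checking the match reports bad input instead of silently diffing a different revision, for example `($rev1) = $rev1 =~ /\A(\d+(?:\.\d+)*)\z/ or return undef;`, and likewise for `$rev2` and for `$rev` in the earlier hunk. `$ENV{'PATH'}` is assigned here and in the earlier hunk; setting it once at startup, together with `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}` as perlsec recommends, would cover every child process. getdiff begins before this hunk and its closing lines are not shown.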