[Lxr-commits] CVS: lxr/lib/LXR/Files CVS.pm,1.32,1.33
From: Malcolm B. <mb...@us...> - 2005-05-04 23:21:23
Update of /cvsroot/lxr/lxr/lib/LXR/Files In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20746/lxr/lib/LXR/Files Modified Files: CVS.pm Log Message: Add test cases for Security and for some CVS bugs. Enable taint mode for mod_perl - should reduce security vulnerabilities Index: CVS.pm =================================================================== RCS file: /cvsroot/lxr/lxr/lib/LXR/Files/CVS.pm,v retrieving revision 1.32 retrieving revision 1.33 diff -u -d -r1.32 -r1.33 --- CVS.pm 2 Sep 2004 18:50:03 -0000 1.32 +++ CVS.pm 4 May 2005 23:21:09 -0000 1.33 @@ -27,17 +27,20 @@ use vars qw(%cvs $cache_filename $gnu_diff); +$cache_filename = ''; + sub new { my ($self, $rootpath) = @_; $self = bless({}, $self); $self->{'rootpath'} = $rootpath; $self->{'rootpath'} =~ s@/*$@/@; - + $self->{'path'} = $config->cvspath; + unless (defined $gnu_diff) { # the rcsdiff command (used in getdiff) uses parameters only supported by GNU diff - $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin'; + $ENV{'PATH'} = $self->{'path'}; if (`diff --version 2>/dev/null` =~ /GNU/) { $gnu_diff = 1; } else { @@ -169,7 +172,7 @@ $clean_filename =~ /(.*)/; $clean_filename = $1; # technically untaint here (cleanstring did the real untainting) - $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin'; + $ENV{'PATH'} = $self->{'path'}; open($fileh, "-|", "co -q -p$rev $clean_filename"); die("Error executing \"co\"; rcs not installed?") unless $fileh; @@ -198,7 +201,7 @@ $clean_filename =~ /(.*)/; $clean_filename = $1; # technically untaint here (cleanstring did the real untainting) - $ENV{'PATH'} = '/bin:/usr/local/bin:/usr/bin:/usr/sbin'; + $ENV{'PATH'} = $self->{'path'}; open($fileh, "-|", "rcsdiff -q -a -n -r$rev1 -r$rev2 $clean_filename"); die("Error executing \"rcsdiff\"; rcs not installed?") unless $fileh; |
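Review bot: In `new`, `$ENV{'PATH'}` is now assigned whatever `$config->cvspath` returns, with no check in this hunk that the value is defined, made of absolute directories, or untainted. Under the taint mode this commit enables, a PATH that is tainted or names a relative or world-writable directory makes the `diff --version` backtick die with an insecure-PATH error, and without taint mode the same value decides which `diff`, `co` and `rcsdiff` binaries run. Consider validating first, e.g. `die("cvspath not configured") unless defined $self->{'path'} && $self->{'path'} =~ m{^(/[^:]*(?::/[^:]*)*)$};` then `$ENV{'PATH'} = $1;`, and clearing the other variables perlsec names with `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};`. The same unvalidated assignment recurs in the second and third hunks, and the body of `new` continues past this hunk.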
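Review bot: The `co` pipe in the second hunk is still opened with one command string, `"co -q -p$rev $clean_filename"`, so Perl hands it to the shell whenever it contains metacharacters; the only barrier is the blanket `/(.*)/` untaint on the filename, and no check on `$rev` is visible here. On Perl 5.8 or later the list form avoids the shell: `open($fileh, "-|", "co", "-q", "-p$rev", $clean_filename) or die("Error executing \"co\": $!");`. That also tests the return value of `open` rather than `$fileh`, which may already hold a handle reference when `open` fails (how `$fileh` is declared is outside the hunk). The `rcsdiff` call in the third hunk has the same shape and would become `open($fileh, "-|", "rcsdiff", "-q", "-a", "-n", "-r$rev1", "-r$rev2", $clean_filename)`. Both enclosing subs start and end outside their hunks.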