https://bugs.koozali.org/show_bug.cgi?id=13281
Bug ID: 13281
Summary: useless untainted
Classification: Contribs
Product: SME Contribs
Version: 11.0
Hardware: ---
OS: ---
Status: CONFIRMED
Severity: normal
Priority: P3
Component: smeserver-webhosting
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
Target Milestone: ---
Group: security
+++ This bug was initially created as a clone of Bug #13280 +++
Perl refusing to use a variable in a system call and asking to untaint it is to
avoid seeing someone insert commands.
Using a regex /(.+)/ will indeed make Perl think the content is safe, but it is
not!
Here is a list of places to fix:
# grep '/(.+)/' -r /usr/share/smanager/lib/SrvMngr/Controller
/usr/share/smanager/lib/SrvMngr/Controller/Webhosting.pm: $name =~ /(.+)/;
$name = $1;
For reference:
# rpm -qf /usr/share/smanager/lib/SrvMngr/Controller/Webhosting.pm
smeserver-webhosting-11.0.0-6.el8.sme.noarch
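The difference between the catch-all pattern reported above and an allowlist pattern, shown as an added Perl example that is not code from smeserver-webhosting. The sub names, the sample inputs and the allowed character set for a name are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from smeserver-webhosting.
# Run with taint mode enabled: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# The pattern from the bug report: it captures anything non-empty, so the
# taint flag is cleared without any validation taking place.
sub untaint_catch_all {
    my ($value) = @_;
    $value =~ /(.+)/ or return;
    return $1;
}

# Allowlist untainting. ASSUMPTION: a valid name is 1-63 characters of
# letters, digits, dot, underscore or hyphen, starting with a letter or digit.
# The real rule must come from what Webhosting.pm expects $name to contain.
# \A and \z anchor the whole string; $ would tolerate a trailing newline.
sub untaint_name {
    my ($value) = @_;
    return unless defined $value;
    $value =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,62})\z/ or return;
    return $1;
}

# Constructed sample inputs. Appending a zero-length slice of $^X (tainted
# under -T) marks each string as tainted, as request parameters would be.
my $taint   = substr($^X, 0, 0);
my @samples = map { $_ . $taint } (
    'site1.example.org',
    'site1; echo injected',
    '$(echo injected)',
    '../../etc/passwd',
);

for my $input (@samples) {
    my $weak   = untaint_catch_all($input);
    my $strict = untaint_name($input);
    printf "%-24s tainted=%d  catch-all: %-22s allowlist: %s\n",
        "'$input'",
        tainted($input) ? 1 : 0,
        defined $weak ? 'accepted (tainted=' . (tainted($weak) ? 1 : 0) . ')' : 'rejected',
        defined $strict ? 'accepted' : 'rejected';
}
```

Every sample comes out of the catch-all sub untainted and unchanged, while the allowlist sub returns only the first one.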