stas        2003/08/29 19:35:10

  Modified:    ModPerl-Registry/lib/ModPerl RegistryCooker.pm
                        RegistryLoader.pm
  Log:
  adjust to use the C slurp_filename, which now allows getting the data
  untainted in the first place
  
  Revision  Changes    Path
  1.36      +2 -11     modperl-2.0/ModPerl-Registry/lib/ModPerl/RegistryCooker.pm
  
  Index: RegistryCooker.pm
  ===================================================================
  RCS file: /home/cvs/modperl-2.0/ModPerl-Registry/lib/ModPerl/RegistryCooker.pm,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -u -r1.35 -r1.36
  --- RegistryCooker.pm 23 Mar 2003 04:52:24 -0000      1.35
  +++ RegistryCooker.pm 30 Aug 2003 02:35:09 -0000      1.36
  @@ -17,6 +17,7 @@
   
   use Apache::Response ();
   use Apache::RequestRec ();
  +use Apache::RequestUtil ();
   use Apache::RequestIO ();
   use Apache::Log ();
   use Apache::Access ();
  @@ -524,7 +525,7 @@
       my $self = shift;
   
       $self->debug("reading $self->{FILENAME}") if DEBUG & D_NOISE;
  -    $self->{CODE} = $self->{REQ}->my_slurp_filename;
  +    $self->{CODE} = $self->{REQ}->slurp_filename(0); # untainted
   }
   
   #########################################################################
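Review bot: The bare `0` passed to `slurp_filename` on the changed line is a magic argument, and the trailing `# untainted` comment says what it does but not why that is safe. I would expand it to something like `# 0 => return the script source untainted; the file is a configured script on disk, not request data` so the trust decision is recorded at the point where taint checking is switched off. The result is also stored without a check, so it is worth confirming that the C implementation raises an exception on an unreadable file rather than returning undef, since the removed Perl helper did not check `open` either. The enclosing sub starts above this hunk.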
  @@ -639,7 +640,6 @@
   
       ModPerl::Global::special_list_clear(END => $self->{PACKAGE});
   
  -    ModPerl::Util::untaint($$eval);
       {
           # let the code define its own warn and strict level 
           no strict;
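Review bot: Removing `ModPerl::Util::untaint($$eval)` means the string compiled in the block below is clean only if every part of it is untainted, not just the script body that now comes from `slurp_filename(0)`. How `$$eval` is assembled is outside this hunk, so please confirm that nothing derived from the request (for example a package name or `#line` directive built from the filename or URI) is concatenated in while still tainted, as the compile would then fail under -T. A short comment in place of the removed line, such as `# $$eval is expected to be untainted already: the script body is read via slurp_filename(0)`, would keep that assumption visible. The enclosing sub starts and ends outside the hunk.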
  @@ -753,15 +753,6 @@
       my $r = shift;
       stat $r->filename;
       \*_;
  -}
  -
  -sub Apache::RequestRec::my_slurp_filename {
  -    my $r = shift;
  -    open my $fh, $r->filename;
  -    local $/;
  -    my $data = <$fh>;
  -    close $fh;
  -    return \$data;
   }
   
   
  
  
  
  1.9       +6 -1      modperl-2.0/ModPerl-Registry/lib/ModPerl/RegistryLoader.pm
  
  Index: RegistryLoader.pm
  ===================================================================
  RCS file: /home/cvs/modperl-2.0/ModPerl-Registry/lib/ModPerl/RegistryLoader.pm,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -u -r1.8 -r1.9
  --- RegistryLoader.pm 2 Mar 2003 22:47:19 -0000       1.8
  +++ RegistryLoader.pm 30 Aug 2003 02:35:09 -0000      1.9
  @@ -109,12 +109,17 @@
   
   # override Apache class methods called by Modperl::Registry*. normally
   # only available at request-time via blessed request_rec pointer
  -sub my_slurp_filename {
  +sub slurp_filename {
       my $r = shift;
  +    my $tainted = @_ ? shift : 1;
       my $filename = $r->filename;
       open my $fh, $filename or die "can't open $filename: $!";
       local $/;
       my $code = <$fh>;
  +    unless ($tainted) {
  +        ($code) = $code =~ /(.*)/s; # untaint
  +    }
  +    close $fh;
       return \$code;
   }
   
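Review bot: The `open my $fh, $filename or die ...` line in the renamed `slurp_filename` still uses two-argument open, so leading or trailing characters in `$filename` such as `<`, `>` or `|` are interpreted as a mode or a pipe rather than as part of the name. Since this sub is being touched anyway, the three-argument form `open my $fh, '<', $filename or die "can't open $filename: $!";` closes that off. The blanket `/(.*)/s` untaint also accepts any content, which is fine for a preloaded script but deserves a comment saying so, e.g. `# untaint unconditionally: the file is a script chosen by the server configuration`. The new `close $fh` is unchecked, which is harmless on a read handle.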
  
  
  
