CVSROOT: /cvsroot/administration
Module name: administration
Branch:
Changes by: Sylvain Beucler <[EMAIL PROTECTED]> 05/08/09 18:45:17
Modified files:
infra/bin : sv_cvstarballs.cron
Log message:
Fixed perl security warnings
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/administration/administration/infra/bin/sv_cvstarballs.cron.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
Patches:
Index: administration/infra/bin/sv_cvstarballs.cron
diff -u administration/infra/bin/sv_cvstarballs.cron:1.1
administration/infra/bin/sv_cvstarballs.cron:1.2
--- administration/infra/bin/sv_cvstarballs.cron:1.1 Fri Sep 17 11:04:54 2004
+++ administration/infra/bin/sv_cvstarballs.cron Tue Aug 9 18:45:16 2005
@@ -34,6 +34,10 @@
use strict;
use Savannah;
+# Classical perlsec(1) init
+$ENV{'PATH'} = '/bin:/usr/bin';
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
my $archives_dir = '/savannah/cvs-backup';
my @projects = GetDB("groups", "status='A' AND is_public='1'",
"unix_group_name");
@@ -51,6 +55,13 @@
# Process active public projects
for my $project_name (sort @projects) {
chomp($project_name);
+
+ # Untaint variable (needed?)
+ if ($project_name =~ /^([-_A-Za-z0-9]+)$/) {
+ $project_name = $1;
+ } else {
+ next;
+ }
my $source_dir = "/savannah/cvsroot/$project_name/cvsroot";
my $repos_mtime = (stat("$source_dir/$project_name/CVSROOT/history"))[9];
_______________________________________________
Savannah-cvs mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/savannah-cvs
