Skip Menu |

This queue is for tickets about the GD-SecurityImage-AC CPAN distribution.

Report information
The Basics
Id: 29934
Status: resolved
Worked: 2 hours (120 min)
Priority: 0/
Queue: GD-SecurityImage-AC
People
Owner: SNOWHARE [...] cpan.org
Requestors: devilcrayon [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu Oct 11 19:02:13 2007 devilcrayon [...] gmail.com - Ticket created
Subject: path to make GD::SecurityImage::AC taint-safe(r)
When running with taint checking enabled, GD::SecurityImage::AC is killed when attempting to unlink old image files in sub _unlink() line 99. changing the body of the subroutine to this will allow it to pass taint checking: sub _unlink { my $file = shift or return; if (-e $file && !-d _) { if ($file =~ /(^[\w\+_\040\#\(\)\{\}\[\]\/\-\^,\.:;&%@\\~]+\$?$)/ ) { $file = $1; return unlink($file); } else { die "Filename $file unsafe to unlink"; } } return 1; # resume on unexistent file } Perhaps a better RE could be used to check the filename. I stole the one in here from CGI::Untaint::Filename. Thanks! Devin
  Fri May 09 10:58:54 2008 SNOWHARE [...] cpan.org - Taken
  Fri May 09 11:00:18 2008 SNOWHARE [...] cpan.org - Correspondence added 120 min
Resolved as part of 1.11 release.
  Fri May 09 11:00:45 2008 The RT System itself - Status changed from 'new' to 'open'
  Fri May 09 11:01:50 2008 SNOWHARE [...] cpan.org - Status changed from 'open' to 'resolved'