Subject: | multiline-values are tainted |
Multiline values are tainted, single line values are not.
Here is a tiny patch that untaints multiline values found in
configuration files.
Btw, is this module still being maintained?
Subject: | multline-untaint.patch |
diff -u Config-IniFiles-2.38/IniFiles.pm Config-IniFiles-2.39/IniFiles.pm
--- Config-IniFiles-2.38/IniFiles.pm 2003-05-14 03:30:32.000000000 +0200
+++ Config-IniFiles-2.39/IniFiles.pm 2007-11-14 10:15:54.000000000 +0100
@@ -602,7 +602,8 @@
$foundeot = 1;
last;
} else {
- push(@val, $_);
+ /(.*)/; # untaint
+ push(@val, $1);
}
}
if ($foundeot) {
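Review bot: the added `/(.*)/; # untaint` accepts any content, so every line of a multiline value is laundered without validation and callers running under taint mode lose the protection for data read from the file. I would make this opt-in (a constructor option, documented in the POD) rather than unconditional, or leave untainting to the caller, who knows what a valid value looks like. Two smaller points on the same lines: the match runs in void context and `$1` is used without checking that it succeeded, so capturing directly in list context, as in `my ($line) = /(.*)/;`, is safer against a stale `$1` if the pattern is ever tightened. Also, `.` does not match a newline, so if `$_` still carries its line ending at this point the pushed value silently changes compared with the old `push(@val, $_)`. A test under `t/` that runs with `-T` and covers both single-line and multiline values would pin down the intended behaviour.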
Gemeinsame Unterverzeichnisse: Config-IniFiles-2.38/t und Config-IniFiles-2.39/t.