This queue is for tickets about the Config-IniFiles CPAN distribution.

Report information
The Basics
Id: 30719
Status: resolved
Priority: 0/
Queue: Config-IniFiles

People
Owner: Nobody in particular
Requestors: sven-bitcard [...] sven.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 2.38
Fixed in: (no value)



Subject: multiline-values are tainted
Multiline values are tainted, single line values are not. Here is a tiny patch that untaints multiline values found in configuration files. Btw, is this module still being maintained?
Subject: multline-untaint.patch
diff -u Config-IniFiles-2.38/IniFiles.pm Config-IniFiles-2.39/IniFiles.pm --- Config-IniFiles-2.38/IniFiles.pm 2003-05-14 03:30:32.000000000 +0200 +++ Config-IniFiles-2.39/IniFiles.pm 2007-11-14 10:15:54.000000000 +0100 @@ -602,7 +602,8 @@ $foundeot = 1; last; } else { - push(@val, $_); + /(.*)/; # untaint + push(@val, $1); } } if ($foundeot) { Gemeinsame Unterverzeichnisse: Config-IniFiles-2.38/t und Config-IniFiles-2.39/t.
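Review bot: the /(.*)/ match on the added line in the else branch accepts any content, so it clears the taint flag on every continuation line without validating anything, and the "# untaint" comment does not say that this is deliberate. If the goal is only to make multiline values behave like single-line values, state that in the comment and in the module documentation, so that callers running under -T know that values read from the file arrive untainted and must be validated before they reach a shell command, open or eval. Two smaller points on the same line: $1 is used without testing whether the match succeeded, and because "." does not match a newline, any line ending still present in $_ would be missing from the value pushed onto @val; something like "if (/^(.*)$/s) { push(@val, $1); }" makes both explicit. The patch also carries no test; a case under t/ that reads a multiline value with taint mode enabled would pin the behaviour down.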
This was resolved after closing the matching SourceForge.net bug:

https://sourceforge.net/tracker/index.php?func=detail&aid=1831654&group_id=6926&atid=106926

Next time, when reporting a bug, please also supply a test case. And this module was not maintained for a long time, but in the past few months, I resumed maintaining it.

Regards,
-- Shlomi Fish