it's newref not new_ref

[debbugs.git] / cgi / bugreport.cgi

diff --git a/cgi/bugreport.cgi b/cgi/bugreport.cgi
index d6d5cf20f7430ef5e558a573bcd7bf713910a241..8ad688f6923b501ea836557574b2a63f881c738a 100755 (executable)
--- a/cgi/bugreport.cgi
+++ b/cgi/bugreport.cgi
@@ -1,8 +1,13 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl
 
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
 use POSIX qw(strftime);
 use MIME::Parser;
 use MIME::Decoder;
@@ -19,6 +24,8 @@ use Debbugs::Common qw(buglog getmaintainers make_list bug_status);
 use Debbugs::Packages qw(getpkgsrc);
 use Debbugs::Status qw(splitpackages split_status_fields get_bug_status isstrongseverity);
 
+use Debbugs::User;
+
 use Scalar::Util qw(looks_like_number);
 
 use Debbugs::Text qw(:templates);
@@ -290,7 +297,7 @@ unless (%status) {
 #$|=1;
 
 my %package;
-my @packages = splitpackages($status{package});
+my @packages = make_list($status{package});
 
 foreach my $pkg (@packages) {
      if ($pkg =~ /^src\:/) {