support a text_orig_value

[debbugs.git] / cgi / pkgreport.cgi

diff --git a/cgi/pkgreport.cgi b/cgi/pkgreport.cgi
index 1666bbc6f7191a926f516bcd29e46bde2d20b664..4f4ea800af986fcd38f0c58ba04dd8e121a41a95 100755 (executable)
--- a/cgi/pkgreport.cgi
+++ b/cgi/pkgreport.cgi
@@ -13,6 +13,11 @@
 use warnings;
 use strict;
 
+# Sanitize environent for taint
+BEGIN{
+    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+}
+
 use POSIX qw(strftime nice);
 
 use Debbugs::Config qw(:globals :text :config);
@@ -79,7 +84,7 @@ if (exists $param{form_options} and defined $param{form_options}) {
      for my $incexc (qw(include exclude)) {
          next unless exists $param{$incexc};
          # normalize tag to tags
-         $param{$incexc} = [map {s/^tag:/tags:/} grep /\S\:\S/, make_list($param{$incexc})];
+         $param{$incexc} = [map {s/^tag:/tags:/; $_} grep /\S\:\S/, make_list($param{$incexc})];
      }
      for my $key (keys %package_search_keys) {
          next unless exists $param{key};
@@ -100,7 +105,7 @@ if (exists $param{form_options} and defined $param{form_options}) {
 for my $incexc (qw(include exclude)) {
     next unless exists $param{$incexc};
     # normalize tag to tags
-    $param{$incexc} = [map {s/^tag:/tags:/} make_list($param{$incexc})];
+    $param{$incexc} = [map {s/^tag:/tags:/; $_} make_list($param{$incexc})];
 }