From: Don Armstrong <don@volo>
Date: Sat, 17 Feb 2007 21:21:12 +0000 (-0800)
Subject: untaint $ENV{DEBBUGS_CONFIG_FILE} when appropriate
X-Git-Tag: release/2.6.0~585^2^2~24
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=2edd4cc1153f0ad50f86d9c56d2e27b29554c985;p=debbugs.git

untaint $ENV{DEBBUGS_CONFIG_FILE} when appropriate
---

diff --git a/Debbugs/Config.pm b/Debbugs/Config.pm
index 5fbb524..6f869e8 100644
--- a/Debbugs/Config.pm
+++ b/Debbugs/Config.pm
@@ -76,6 +76,13 @@ use Safe;
 
 # read in the files;
 %config = ();
+# untaint $ENV{DEBBUGS_CONFIG_FILE} if it's owned by us
+# This enables us to test things that are -T.
+if (exists $ENV{DEBBUGS_CONFIG_FILE} and
+    ${[stat($ENV{DEBBUGS_CONFIG_FILE})]}[4] = $<) {
+     $ENV{DEBBUGS_CONFIG_FILE} =~ /(.+)/;
+     $ENV{DEBBUGS_CONFIG_FILE} = $1;
+}
 read_config(exists $ENV{DEBBUGS_CONFIG_FILE}?$ENV{DEBBUGS_CONFIG_FILE}:'/etc/debbugs/config');
 
 =item email_domain $gEmailDomain