untaint $ENV{DEBBUGS_CONFIG_FILE} when appropriate

diff --git a/Debbugs/Config.pm b/Debbugs/Config.pm
index 5fbb524e6f9a4c2f1546422089a7a7e2befc3d6e..6f869e8efb317b526a456da38f70862ca47d4fa8 100644 (file)
--- a/Debbugs/Config.pm
+++ b/Debbugs/Config.pm
@@ -76,6 +76,13 @@ use Safe;
 
 # read in the files;
 %config = ();
+# untaint $ENV{DEBBUGS_CONFIG_FILE} if it's owned by us
+# This enables us to test things that are -T.
+if (exists $ENV{DEBBUGS_CONFIG_FILE} and
+    ${[stat($ENV{DEBBUGS_CONFIG_FILE})]}[4] = $<) {
+     $ENV{DEBBUGS_CONFIG_FILE} =~ /(.+)/;
+     $ENV{DEBBUGS_CONFIG_FILE} = $1;
+}
 read_config(exists $ENV{DEBBUGS_CONFIG_FILE}?$ENV{DEBBUGS_CONFIG_FILE}:'/etc/debbugs/config');
 
 =item email_domain $gEmailDomain