we know that the statement is ok; use $1 to avoid taint issues

author Don Armstrong <don@donarmstrong.com>

Tue, 24 Feb 2015 05:00:57 +0000 (21:00 -0800)

committer Don Armstrong <don@donarmstrong.com>

Tue, 24 Feb 2015 05:00:57 +0000 (21:00 -0800)
author Don Armstrong <don@donarmstrong.com>
Tue, 24 Feb 2015 05:00:57 +0000 (21:00 -0800)
committer Don Armstrong <don@donarmstrong.com>
Tue, 24 Feb 2015 05:00:57 +0000 (21:00 -0800)
diff --git a/Debbugs/CGI/Pkgreport.pm b/Debbugs/CGI/Pkgreport.pm

index d14997930ab82facf0ef84dbd711a51d21abd5ee..523dbbb90a6a909d9043a4e949836dc9c35624b6 100644 (file)
--- a/Debbugs/CGI/Pkgreport.pm
+++ b/Debbugs/CGI/Pkgreport.pm
@@ -486,7 +486,7 @@ sub parse_order_statement_into_boolean {
                }exg;
      # check that the parsed statement is just valid boolean statements
      if ($statement =~ /^([01\(\)\&\|]+)$/) {
-        return eval "$statement";
+        return eval "$1";
      } else {
          # this is an invalid boolean statement
          return 0;
author	Don Armstrong <don@donarmstrong.com>
	Tue, 24 Feb 2015 05:00:57 +0000 (21:00 -0800)
committer	Don Armstrong <don@donarmstrong.com>
	Tue, 24 Feb 2015 05:00:57 +0000 (21:00 -0800)