From: Don Armstrong Date: Tue, 24 Feb 2015 05:00:57 +0000 (-0800) Subject: we know that the statement is ok; use $1 to avoid taint issues X-Git-Tag: release/2.6.0~229 X-Git-Url: https://git.donarmstrong.com/?p=debbugs.git;a=commitdiff_plain;h=814004e0edefc141b8cc28db0d54cf2a6fad4486 we know that the statement is ok; use $1 to avoid taint issues --- diff --git a/Debbugs/CGI/Pkgreport.pm b/Debbugs/CGI/Pkgreport.pm index d149979..523dbbb 100644 --- a/Debbugs/CGI/Pkgreport.pm +++ b/Debbugs/CGI/Pkgreport.pm @@ -486,7 +486,7 @@ sub parse_order_statement_into_boolean { }exg; # check that the parsed statement is just valid boolean statements if ($statement =~ /^([01\(\)\&\|]+)$/) { - return eval "$statement"; + return eval "$1"; } else { # this is an invalid boolean statement return 0;
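Review bot: The new `return eval "$1";` line still returns the result of a string eval without checking `$@`. A statement that matches `/^([01\(\)\&\|]+)$/` but is not valid Perl (unbalanced parentheses, a trailing `&` or `|`) makes the eval fail, and the caller gets undef instead of the explicit `return 0;` that the else branch gives for an invalid boolean statement. Something like `my $r = eval $1; return $@ ? 0 : $r;` would keep both failure paths consistent. Separately, the capture group is what untaints the value, so the character class in that regex is now the only check between tainted input and the eval. The existing comment above the `if` should say so, so that a later edit that widens the class gets reviewed as a security change. The double quotes around `$1` are redundant.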