From: djmcgrath Date: Wed, 7 Nov 2007 01:42:46 +0000 (+0000) Subject: * Security patch for binmode UTF8 handling for CVE-2007-5116 X-Git-Url: https://git.donarmstrong.com/?p=infobot.git;a=commitdiff_plain;h=d337f15b80c305f20994c630ac788b337cf2ab60 * Security patch for binmode UTF8 handling for CVE-2007-5116 * More info at: http://www.perlmonks.org/?node_id=644786 git-svn-id: https://svn.code.sf.net/p/infobot/code/trunk@1629 c11ca15a-4712-0410-83d8-924469b57eb5 --- diff --git a/src/Modules/RSSFeeds.pl b/src/Modules/RSSFeeds.pl index 16cfcc0..035ea98 100644 --- a/src/Modules/RSSFeeds.pl +++ b/src/Modules/RSSFeeds.pl @@ -19,7 +19,7 @@ sub getCacheEntry { &::DEBUG("rssFeed: Searching cache for $url"); open CACHE, "<$file" or return; - binmode( CACHE, ":utf8" ); + binmode( CACHE, ":encoding(UTF-8)" ); while () { next unless /^$url:/; @@ -38,8 +38,8 @@ sub saveCache { open IN, "<$file" or return; open OUT, ">$file.tmp" or return; - binmode( IN, ":utf8" ); - binmode( OUT, ":utf8" ); + binmode( IN, ":encoding(UTF-8)" ); + binmode( OUT, ":encoding(UTF-8)" ); # copy all but old ones while () { diff --git a/src/logger.pl b/src/logger.pl index 5a8fd1a..8309a14 100644 --- a/src/logger.pl +++ b/src/logger.pl @@ -97,7 +97,7 @@ sub openLog { } if (open(LOG, ">>$file{log}")) { - binmode(LOG, ":utf8"); + binmode(LOG, ":encoding(UTF-8)"); &status("Opened logfile $file{log}."); LOG->autoflush(1); } else { @@ -376,11 +376,11 @@ sub debug_perl { &status("WARN: cannot open $file: $!"); return; } - binmode(IN, ":utf8"); + binmode(IN, ":encoding(UTF-8)"); # TODO: better filename. open(OUT, ">>debug.log"); - binmode(OUT, ":utf8"); + binmode(OUT, ":encoding(UTF-8)"); print OUT "DEBUG: $str\n"; # note: cannot call external functions because SIG{} does not allow us to. @@ -415,7 +415,7 @@ sub openSQLDebug { delete $param{'SQLDebug'}; return 0; } - binmode(SQLDEBUG, ":utf8"); + binmode(SQLDEBUG, ":encoding(UTF-8)"); &status("Opened SQL Debug file: $param{'SQLDebug'}"); return 1;