Skip to content
Snippets Groups Projects
Commit 88df0132 authored by Andreas Romeyke's avatar Andreas Romeyke
Browse files

- untaint environment

parent 8a6ca145
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
lib/SLUB/LZA/Rosetta/TA.pm
+ 10
3
View file @ 88df0132
...@@ -20,7 +20,13 @@ our %cache; ...@@ -20,7 +20,13 @@ our %cache;
our $cache_path; our $cache_path;
our $SALT = pack("H16", "There is no security by obscurity!"); our $SALT = pack("H16", "There is no security by obscurity!");
BEGIN { BEGIN {
my $home = path($ENV{'HOME'}); my $rx_psep = qr{[/\\]};
my $rx_abs = qr{[A-Z]:};
my $rx_sub = qr{([[:print:]]+)};
$ENV{'HOME'} =~ m{^(($rx_abs)?($rx_psep$rx_sub)+)$}m;
# untaint $homestr
my $homestr = $1;
my $home = path($homestr);
if ($home->is_dir() && !$home->is_rootdir) { if ($home->is_dir() && !$home->is_rootdir) {
my $config_path = $home->child('.config')->child('ta-tool.rc'); my $config_path = $home->child('.config')->child('ta-tool.rc');
our $config_file = $config_path; our $config_file = $config_path;
...@@ -36,6 +42,7 @@ BEGIN{ ...@@ -36,6 +42,7 @@ BEGIN{
%cache = YAML::LoadFile($cache_path); %cache = YAML::LoadFile($cache_path);
} }
} }
} }
END { END {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

DE: Impressum · Datenschutzerklärung | EN: Legal Notice · Privacy Policy