authorjustdave%syndicomm.com <>2002-01-20 09:44:34 +0000
committerjustdave%syndicomm.com <>2002-01-20 09:44:34 +0000
commit4e6767d4c3d1b0b583f4ec076992345545294748 (patch)
tree44d10a299f4d910400fb420b38e21e769c00be7e /showdependencygraph.cgi
parentRemove files no longer needed after the latest changes to the docs (diff)
downloadbugzilla-4e6767d4c3d1b0b583f4ec076992345545294748.tar.gz
bugzilla-4e6767d4c3d1b0b583f4ec076992345545294748.tar.bz2
bugzilla-4e6767d4c3d1b0b583f4ec076992345545294748.zip
Fix for bug 108982: enable taint mode for all user-facing CGI files.
Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
Diffstat (limited to 'showdependencygraph.cgi')
-rwxr-xr-xshowdependencygraph.cgi8
1 files changed, 7 insertions, 1 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index a10afb896..4bb90d497 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -1,4 +1,4 @@
-#!/usr/bonsaitools/bin/perl -w
+#!/usr/bonsaitools/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
@@ -23,6 +23,8 @@
use diagnostics;
use strict;
+use lib qw(.);
+
require "CGI.pl";
ConnectToDatabase();
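Review bot: The added `use lib qw(.);` has no comment explaining why it is there, and its effect is security-relevant. Under `-T` Perl leaves the current directory out of `@INC`; this line puts it back as a relative path, so `require "CGI.pl"` resolves against whatever working directory the web server starts the script in. I would add a comment above it such as `# Taint mode drops "." from @INC; re-add it so require "CGI.pl" works. Assumes the script runs with the Bugzilla directory as cwd.` so the assumption is visible to whoever deploys or moves the file.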
@@ -168,6 +170,10 @@ node [URL="${urlbase}show_bug.cgi?id=\\N", style=filled, color=lightgrey]
# Cleanup any old .dot files created from previous runs.
my $since = time() - 24 * 60 * 60;
foreach my $f (glob("data/webdot/*.dot")) {
+ # Here we are deleting all old files. All entries are from the
+ # data/webdot/ directory. Since we're deleting the file (not following
+ # symlinks), this can't escape to delete anything it shouldn't
+ trick_taint($f);
if (ModTime($f) < $since) {
unlink $f;
}
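Review bot: The `trick_taint($f)` call clears the taint flag on every name glob returns without checking it, so the safety argument exists only in the comment and nothing enforces it if the glob pattern is later edited. Laundering through an anchored match keeps the guarantee in code: `next unless $f =~ m{\A(data/webdot/[^/]+\.dot)\z}; $f = $1;`. Separately, `unlink $f` ignores its return value, so a file that cannot be removed is left behind silently; something like `unlink $f or warn "unlink $f: $!";` would make cleanup failures show up in the server log. The foreach loop closes outside this hunk, and `ModTime` is defined elsewhere, so whether it follows symlinks when reading the timestamp cannot be confirmed from here.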