/[smeserver]/rpms/e-smith-email/sme10/e-smith-email-5.6.0-bz11716-untaint.patch
ViewVC logotype

Annotation of /rpms/e-smith-email/sme10/e-smith-email-5.6.0-bz11716-untaint.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Sat Apr 16 16:32:00 2022 UTC (2 years, 6 months ago) by jpp
Branch: MAIN
CVS Tags: e-smith-email-5_6_0-16_el7_sme
Changes since 1.1: +3 -3 lines
* Sat Apr 16 2022 Jean-Philippe Pialasse <tests@pialasse.com> 5.6.0-16.sme
- fix missing dot in regex for untainting [SME: 11799]
  would delete any account named with the string before the dot

1 jpp 1.1 diff -Nur --no-dereference e-smith-email-5.6.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/pseudonyms.pm e-smith-email-5.6.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/pseudonyms.pm
2     --- e-smith-email-5.6.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/pseudonyms.pm 2021-11-15 10:28:23.044000000 -0500
3     +++ e-smith-email-5.6.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/pseudonyms.pm 2021-11-15 10:38:27.355000000 -0500
4     @@ -180,7 +180,7 @@
5     or $msg = "Error occurred while modifying pseudonym in database.";
6     }
7     # Untaint $pseudonym before use in system()
8     - ($pseudonym) = ($pseudonym =~ /(.+)/);
9 jpp 1.2 + ($pseudonym) = ($pseudonym =~ /([\w\p{L}.]+)/);
10 jpp 1.1 system( "/sbin/e-smith/signal-event", "pseudonym-create", "$pseudonym",)
11     == 0 or $msg = "Error occurred while creating pseudonym.";
12    
13     @@ -226,7 +226,7 @@
14     or $msg = "Error occurred while modifying pseudonym in database.";
15    
16     # Untaint $pseudonym before use in system()
17     - ($pseudonym) = ($pseudonym =~ /(.+)/);
18 jpp 1.2 + ($pseudonym) = ($pseudonym =~ /([\w\p{L}]+.)/);
19 jpp 1.1 system( "/sbin/e-smith/signal-event", "pseudonym-modify", "$pseudonym",)
20     == 0 or $msg = "Error occurred while modifying pseudonym.";
21    
22     @@ -276,7 +276,7 @@
23     or $msg = "Error occurred while changing pseudonym type.";
24    
25     # Untaint $pseudonym before use in system()
26     - ($pseudonym) = ($pseudonym =~ /(.+)/);
27 jpp 1.2 + ($pseudonym) = ($pseudonym =~ /([\w\p{L}]+.)/);
28 jpp 1.1 system( "/sbin/e-smith/signal-event", "pseudonym-delete", "$pseudonym") == 0
29     or $msg = "Error occurred while removing pseudonym.";
30    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed