Fix tainted usage of $ENV{TMPDIR} as an sprintf format in CGI.pm. (Closes: #494679)
[rt.perl.org #50322]
Bleadperl change 33143.
Note that the inconsistent usage of backslashes doesn't matter, as
the whole thing is eval'd in.
diff --git a/lib/CGI.pm b/lib/CGI.pm
|
|
index c0158cb..1bc74a3 100644
|
|
--- a/lib/CGI.pm
|
|
+++ b/lib/CGI.pm
|
|
@@ -4032,7 +4032,7 @@ sub new {
|
|
my $filename;
|
|
find_tempdir() unless -w $TMPDIRECTORY;
|
|
for (my $i = 0; $i < $MAXTRIES; $i++) {
|
|
- last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
|
|
+ last if ! -f ($filename = sprintf("\%s${SL}CGItemp%d",$TMPDIRECTORY,$sequence++));
|
|
}
|
|
# check that it is a more-or-less valid filename
|
|
return unless $filename =~ m!^([a-zA-Z0-9_ \'\":/.\$\\-]+)$!;
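Review bot: Passing `$TMPDIRECTORY` as an argument instead of as the format closes the format-string hole, but the name `CGItemp%d` on the `+` line is still built from a sequential counter, and the `! -f` probe is a separate step from the open that follows later in `new` (outside this hunk), so in a world-writable TMPDIR the name is guessable and a file or symlink can be planted between the check and the open. `! -f` also accepts a dangling symlink or a directory of that name, which the open then follows or fails on. Recording the gap with `# NOTE: -f probe then open is not atomic; prefer O_EXCL/File::Temp` next to the loop would help the next reader. The filter on the last line still admits `$`, quotes, backslashes, spaces and `:`, so it rejects little of what a hostile TMPDIR could carry — worth confirming how the later open consumes `$filename`.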
|