Author: sidney
Date: Sat Aug 13 00:50:00 2022
New Revision: 1903383
URL: http://svn.apache.org/viewvc?rev=1903383&view=rev
Log:
bug 8025 - Use better untaint pattern for Windows file paths than the incomplete fix for bug 8010
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin.pm?rev=1903383&r1=1903382&r2=1903383&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin.pm Sat Aug 13 00:50:00 2022
@@ -2229,11 +2229,14 @@ sub _get_cf_pre_files_in_dir {
if ($self->{config_tree_recurse}) {
my @cfs;
+ # copied from Mail::SpamAssassin::Util::untaint_file_path
+ my $chars = '-_A-Za-z0-9.#%=+,/:()\\@\\xA0-\\xFF\\\\';
+ my $re = qr{^\s*([$chars][${chars}~ ]*)\z};
# use "eval" to avoid loading File::Find unless this is specified
eval ' use File::Find qw();
File::Find::find(
{ untaint => 1,
- am_running_on_windows() ? (untaint_pattern => qr|^([-+@\w.:\\/]+)$|) : (),
+ am_running_on_windows() ? (untaint_pattern => $re) : (),
follow => 1,
wanted =>
sub { push(@cfs, $File::Find::name) if /\.\Q$type\E$/i && -f $_ }
Date: Sat Aug 13 00:50:00 2022
New Revision: 1903383
URL: http://svn.apache.org/viewvc?rev=1903383&view=rev
Log:
bug 8025 - Use better untaint pattern for Windows file paths than the incomplete fix for bug 8010
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin.pm?rev=1903383&r1=1903382&r2=1903383&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin.pm Sat Aug 13 00:50:00 2022
@@ -2229,11 +2229,14 @@ sub _get_cf_pre_files_in_dir {
if ($self->{config_tree_recurse}) {
my @cfs;
+ # copied from Mail::SpamAssassin::Util::untaint_file_path
+ my $chars = '-_A-Za-z0-9.#%=+,/:()\\@\\xA0-\\xFF\\\\';
+ my $re = qr{^\s*([$chars][${chars}~ ]*)\z};
# use "eval" to avoid loading File::Find unless this is specified
eval ' use File::Find qw();
File::Find::find(
{ untaint => 1,
- am_running_on_windows() ? (untaint_pattern => qr|^([-+@\w.:\\/]+)$|) : (),
+ am_running_on_windows() ? (untaint_pattern => $re) : (),
follow => 1,
wanted =>
sub { push(@cfs, $File::Find::name) if /\.\Q$type\E$/i && -f $_ }