[Rt-commit] [svn] r760 - rt/trunk/lib/RT
jesse at pallas.eruditorum.org
jesse at pallas.eruditorum.org
Tue Apr 27 18:34:16 EDT 2004
Author: jesse
Date: Tue Apr 27 18:34:16 2004
New Revision: 760
Modified:
rt/trunk/lib/RT/EmailParser.pm
Log:
Better handling of the tempdir for the email parser. It could end up tainted in certain scenarios
Modified: rt/trunk/lib/RT/EmailParser.pm
==============================================================================
--- rt/trunk/lib/RT/EmailParser.pm (original)
+++ rt/trunk/lib/RT/EmailParser.pm Tue Apr 27 18:34:16 2004
@@ -62,6 +62,7 @@
my $class = ref($proto) || $proto;
my $self = {};
bless ($self, $class);
+ $self->{'AttachmentDir'} = File::Temp::tempdir( TMPDIR => 1, CLEANUP => 1 );
return $self;
}
@@ -592,10 +593,12 @@
sub _SetupMIMEParser {
my $self = shift;
my $parser = shift;
- $self->{'AttachmentDir'} ||= File::Temp::tempdir( TMPDIR => 1, CLEANUP => 1 );
# Set up output directory for files:
- $parser->output_dir($self->{'AttachmentDir'});
+ # Untaint the attachment dir, because MIME::Tools will choke otherwise
+ if ($self->{'AttachmentDir'} =~ /^(.*)$/) {
+ $parser->output_dir($1);
+ }
$parser->filer->ignore_filename(1);
More information about the Rt-commit
mailing list