[Rt-commit] [svn] r759 - in rt/branches/rt-3.1: . lib/RT
jesse at pallas.eruditorum.org
jesse at pallas.eruditorum.org
Tue Apr 27 18:30:20 EDT 2004
Author: jesse
Date: Tue Apr 27 18:30:19 2004
New Revision: 759
Modified:
rt/branches/rt-3.1/ (props changed)
rt/branches/rt-3.1/lib/RT/EmailParser.pm
Log:
----------------------------------------------------------------------
r969 at Jesse-Vincents-Computer: jesse | 2004-04-27T04:27:57.713354Z
----------------------------------------------------------------------
r970 at Jesse-Vincents-Computer: jesse | 2004-04-27T22:30:10.046486Z
Taint handling to better handle incoming mail
----------------------------------------------------------------------
Modified: rt/branches/rt-3.1/lib/RT/EmailParser.pm
==============================================================================
--- rt/branches/rt-3.1/lib/RT/EmailParser.pm (original)
+++ rt/branches/rt-3.1/lib/RT/EmailParser.pm Tue Apr 27 18:30:19 2004
@@ -62,6 +62,7 @@
my $class = ref($proto) || $proto;
my $self = {};
bless ($self, $class);
+ $self->{'AttachmentDir'} = File::Temp::tempdir( TMPDIR => 1, CLEANUP => 1 );
return $self;
}
@@ -628,10 +629,12 @@
sub _SetupMIMEParser {
my $self = shift;
my $parser = shift;
- $self->{'AttachmentDir'} ||= File::Temp::tempdir( TMPDIR => 1, CLEANUP => 1 );
# Set up output directory for files:
- $parser->output_dir($self->{'AttachmentDir'});
+ # Untaint the attachment dir, because MIME::Tools will choke otherwise
+ if ($self->{'AttachmentDir'} =~ /^(.*)$/) {
+ $parser->output_dir($1);
+ }
$parser->filer->ignore_filename(1);
More information about the Rt-commit
mailing list