Skip Menu |

This queue is for tickets about the Config-IniFiles CPAN distribution.

Report information
The Basics
Id: 30719
Status: resolved
Priority: 0/
Queue: Config-IniFiles

Owner: Nobody in particular
Requestors: sven-bitcard [...]

Bug Information
Severity: (no value)
Broken in: 2.38
Fixed in: (no value)

Subject: multiline-values are tainted
Download (untitled) / with headers
text/plain 185b
Multiline values are tainted, single line values are not. Here is a tiny patch that untaints multiline values found in configuration files. Btw, is this module still being maintained?
Subject: multline-untaint.patch
diff -u Config-IniFiles-2.38/ Config-IniFiles-2.39/ --- Config-IniFiles-2.38/ 2003-05-14 03:30:32.000000000 +0200 +++ Config-IniFiles-2.39/ 2007-11-14 10:15:54.000000000 +0100 @@ -602,7 +602,8 @@ $foundeot = 1; last; } else { - push(@val, $_); + /(.*)/; # untaint + push(@val, $1); } } if ($foundeot) { Gemeinsame Unterverzeichnisse: Config-IniFiles-2.38/t und Config-IniFiles-2.39/t.
Download (untitled) / with headers
text/plain 356b
This was resolved after closing the matching bug: Next time, when reporting a bug, please also supply a testcase. And this module was not maintained for a long time, but in the past few months, I resumed to maintain it. Regards, -- Shlomi Fish

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to