bugzilla-tip perl 5.6.0 is burning. Error is: Insecure dependency in require while running with -T switch at Bugzilla/Auth.pm line 32.
This patch makes the error go away. It resolves it by detainting the auth module name. The fact that it's tainted to begin with indicates we may have a problem somewhere else, so this probably isn't the best way to fix it. FWIW, this error ONLY ocurrs if you don't have a data/params file (which is the case when running in Tinderbox conditions), so it may be a problem with how it falls back on defaults under compile-only conditions.
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.18
Comment on attachment 133169 [details] [diff] [review] Patch r=gerv. Gerv
Attachment #133169 - Flags: review+
I still don't like this, but it'll do for now.
Assignee: bbaetz → justdave
Flags: approval? → approval+
Checking in Auth.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth.pm,v <-- Auth.pm new revision: 1.2; previous revision: 1.1 done
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
I really don't like the 'compile-only' stuff tinderbox does, but..... Its 5.6.0 only, so its hard to debug, but may be related to the way we load in defparams.
Err, hang on. You can't include . in the list of valid characters. Since you don't include / or \, I guess you could allow it as log as its not . or .., but I don't think . is useful in a name for a module anyway.
You need to log in before you can comment on or make changes to this bug.