Closed
Bug 221977
Opened 21 years ago
Closed 21 years ago
Insecure dependency in require while running with -T switch at Bugzilla/Auth.pm
Categories
(Bugzilla :: Installation & Upgrading, defect, P1)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: justdave, Assigned: justdave)
References
Details
Attachments
(1 file)
657 bytes,
patch
|
gerv
:
review+
|
Details | Diff | Splinter Review |
bugzilla-tip perl 5.6.0 is burning.
Error is:
Insecure dependency in require while running with -T switch at Bugzilla/Auth.pm
line 32.
Assignee | ||
Comment 1•21 years ago
|
||
This patch makes the error go away. It resolves it by detainting the auth
module name. The fact that it's tainted to begin with indicates we may have a
problem somewhere else, so this probably isn't the best way to fix it.
FWIW, this error ONLY ocurrs if you don't have a data/params file (which is the
case when running in Tinderbox conditions), so it may be a problem with how it
falls back on defaults under compile-only conditions.
Assignee | ||
Updated•21 years ago
|
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.18
Comment 2•21 years ago
|
||
Comment on attachment 133169 [details] [diff] [review]
Patch
r=gerv.
Gerv
Attachment #133169 -
Flags: review+
Updated•21 years ago
|
Flags: approval?
Assignee | ||
Comment 3•21 years ago
|
||
I still don't like this, but it'll do for now.
Assignee: bbaetz → justdave
Flags: approval? → approval+
Comment 4•21 years ago
|
||
Checking in Auth.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth.pm,v <-- Auth.pm
new revision: 1.2; previous revision: 1.1
done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 5•21 years ago
|
||
I really don't like the 'compile-only' stuff tinderbox does, but.....
Its 5.6.0 only, so its hard to debug, but may be related to the way we load in
defparams.
Comment 6•21 years ago
|
||
Err, hang on. You can't include . in the list of valid characters. Since you
don't include / or \, I guess you could allow it as log as its not . or .., but
I don't think . is useful in a name for a module anyway.
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•