Insecure dependency in require at importxml.pl line 59.

RESOLVED FIXED in Bugzilla 2.14

Product: Bugzilla
Component: Bug Import/Export & Moving
Priority: --
Severity: blocker
Status: RESOLVED FIXED
Opened: 17 years ago
Updated: 5 years ago

Reporter: justdave
Assigned: Tara Hernandez

Version: unspecified
Target Milestone: Bugzilla 2.14

Attachments: 1 attachment

As reported by tinderbox:

Insecure dependency in require while running with -T switch at /home/ianh/tinderbox/mozilla/webtools/bugzilla/importxml.pl line 59.

This is only killing the Perl 5.00503 tinderbox.  All the 5.6 tinderboxen are 
passing it.  This is a 2.14 release blocker.  Resolution of this bug will require 
either making Perl 5.00503 happy or deciding to require a newer version of Perl.

Target Milestone: --- → Bugzilla 2.14

Comment 2

17 years ago
Yipie, I found a machine with perl 5.00503 installed on it :)

It seems that running a variable through an s///; expression doesn't untaint it
(I don't know if that's only perl 5.005 or all versions).  However, running it
through m/()/; and setting it to $1 does.

Keywords: patch, review

That's just 5.005.  5.6 lets you untaint with an s///.  This'll still work
though.

r= justdave

checked in.
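
The untaint-by-capture approach discussed in the comments above, as an added Perl example that is not the attached patch or Bugzilla's own code. The helper name `untaint_dir`, the allow-list pattern and the sample inputs are assumptions made for illustration.

```perl
# Added example, not Bugzilla code. Run with taint mode on: perl -T untaint_dir.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T so taint checks are active\n" unless ${^TAINT};

# Hypothetical helper: return an untainted copy of a directory path, or
# undef when it fails the allow-list. Only a capture group ($1) from a
# successful match is untainted; the original variable stays tainted.
sub untaint_dir {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Anchored allow-list (assumed policy): word characters, dot, dash and
    # slash. \z rather than $ so a trailing newline is rejected as well.
    if ($raw =~ m{\A([\w./-]+)\z}) {
        my $clean = $1;
        # Assumed policy: no parent-directory components.
        return undef if $clean =~ m{(?:\A|/)\.\.(?:/|\z)};
        return $clean;
    }
    return undef;    # fail closed: $1 is stale after a failed match
}

# Constructed sample inputs. Appending a zero-length slice of $^X (tainted
# under -T) marks each one tainted without changing its value.
my $taint = substr($^X, 0, 0);
for my $sample ("/var/www/bugzilla", "../../etc", "lib;echo hi", "lib\n") {
    my $raw   = $sample . $taint;
    my $clean = untaint_dir($raw);
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-18s raw tainted=%d -> %s\n", $shown, tainted($raw) ? 1 : 0,
        defined $clean
        ? "accepted, tainted=" . (tainted($clean) ? 1 : 0)
        : "rejected";
}
```

The capture pattern is the validation step: a catch-all such as `(.*)` clears the taint flag without checking anything, so the pattern should match only values that are safe to pass to `require`, `chdir` or `use lib`.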

Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Moving to Bugzilla product

Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → unspecified

Component: Bugzilla-General → Bug Import/Export & Moving
QA Contact: matty_is_a_geek → default-qa