perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Moyer <f...@taperfriendlymusic.org>
Subject Security Fix [mp2]
Date Fri, 23 Mar 2007 04:11:41 GMT
Philip gave a +1 here - 
http://marc.info/?l=apache-modperl&m=117462227916610&w=2

I think I need another +1, right?

Working on the mp1 patch.

Index: Changes
===================================================================
--- Changes     (revision 508723)
+++ Changes     (working copy)
@@ -12,6 +12,9 @@

  =item 2.0.4-dev

+fix unescaped variable interprolation in regular expression
+[Randal L. Schwartz <merlyn@stonehenge.com>, Fred Moyer 
<fred@redhotpenguin.com>]
+
  Make $r->the_request() writeable
  [Fred Moyer <fred@redhotpenguin.com>]

Index: ModPerl-Registry/lib/ModPerl/RegistryCooker.pm
===================================================================
--- ModPerl-Registry/lib/ModPerl/RegistryCooker.pm      (revision 508723)
+++ ModPerl-Registry/lib/ModPerl/RegistryCooker.pm      (working copy)
@@ -337,7 +337,7 @@
      my $self = shift;

      my $path_info = $self->{REQ}->path_info;
-    my $script_name = $path_info && $self->{URI} =~ /$path_info$/
+    my $script_name = $path_info && $self->{URI} =~ /\Q$path_info\E$/
          ? substr($self->{URI}, 0, length($self->{URI}) - 
length($path_info))
          : $self->{URI};

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Mime
View raw message