perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Kobes <ra...@theoryx5.uwinnipeg.ca>
Subject Re: Security Fix [mp2]
Date Fri, 23 Mar 2007 05:22:11 GMT
On Thu, 22 Mar 2007, Fred Moyer wrote:

> Philip gave a +1 here - 
> http://marc.info/?l=apache-modperl&m=117462227916610&w=2
>
> I think I need another +1, right?
>
> Working on the mp1 patch.
>
> Index: Changes
> ===================================================================
> --- Changes     (revision 508723)
> +++ Changes     (working copy)
> @@ -12,6 +12,9 @@
>
> =item 2.0.4-dev
>
> +fix unescaped variable interprolation in regular expression
> +[Randal L. Schwartz <merlyn@stonehenge.com>, Fred Moyer 
> <fred@redhotpenguin.com>]
> +
> Make $r->the_request() writeable
> [Fred Moyer <fred@redhotpenguin.com>]
>
> Index: ModPerl-Registry/lib/ModPerl/RegistryCooker.pm
> ===================================================================
> --- ModPerl-Registry/lib/ModPerl/RegistryCooker.pm      (revision 508723)
> +++ ModPerl-Registry/lib/ModPerl/RegistryCooker.pm      (working copy)
> @@ -337,7 +337,7 @@
>     my $self = shift;
>
>     my $path_info = $self->{REQ}->path_info;
> -    my $script_name = $path_info && $self->{URI} =~ /$path_info$/
> +    my $script_name = $path_info && $self->{URI} =~ /\Q$path_info\E$/
>         ? substr($self->{URI}, 0, length($self->{URI}) - length($path_info))
>         : $self->{URI};

+1

-- 
best regards,
Randy

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Mime
View raw message