[interchange-cvs] interchange - heins modified lib/Vend/File.pm
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Sun Apr 10 09:36:34 EDT 2005
User: heins
Date: 2005-04-10 13:36:34 GMT
Modified: lib/Vend File.pm
Log:
* Close minor hole where admin could request /usr/local/interchange/etc/../../../*
for read.
Revision Changes Path
2.16 +3 -3 interchange/lib/Vend/File.pm
rev 2.16, prev_rev 2.15
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.15
retrieving revision 2.16
diff -u -r2.15 -r2.16
--- File.pm 6 Mar 2005 04:14:08 -0000 2.15
+++ File.pm 10 Apr 2005 13:36:34 -0000 2.16
@@ -1,6 +1,6 @@
# Vend::File - Interchange file functions
#
-# $Id: File.pm,v 2.15 2005/03/06 04:14:08 mheins Exp $
+# $Id: File.pm,v 2.16 2005/04/10 13:36:34 mheins Exp $
#
# Copyright (C) 2002-2003 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
@@ -53,7 +53,7 @@
use Vend::Util;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
-$VERSION = substr(q$Revision: 2.15 $, 10);
+$VERSION = substr(q$Revision: 2.16 $, 10);
sub writefile {
my($file, $data, $opt) = @_;
@@ -660,7 +660,7 @@
absolute_or_relative($fn)
)
{
- if($Vend::admin and ! $write and $fn =~ /^$Global::RunDir/) {
+ if($Vend::admin and ! $write and $fn =~ /^$Global::RunDir/ and $fn !~ $relpat) {
$status = 1;
}
else {
More information about the interchange-cvs
mailing list