[interchange-cvs] interchange - heins modified lib/Vend/File.pm

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Sun Apr 10 09:36:34 EDT 2005


User:      heins
Date:      2005-04-10 13:36:34 GMT
Modified:  lib/Vend File.pm
Log:
* Close minor hole where admin could request /usr/local/interchange/etc/../../../*
  for read.

Revision  Changes    Path
2.16      +3 -3      interchange/lib/Vend/File.pm


rev 2.16, prev_rev 2.15
Index: File.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/File.pm,v
retrieving revision 2.15
retrieving revision 2.16
diff -u -r2.15 -r2.16
--- File.pm	6 Mar 2005 04:14:08 -0000	2.15
+++ File.pm	10 Apr 2005 13:36:34 -0000	2.16
@@ -1,6 +1,6 @@
 # Vend::File - Interchange file functions
 #
-# $Id: File.pm,v 2.15 2005/03/06 04:14:08 mheins Exp $
+# $Id: File.pm,v 2.16 2005/04/10 13:36:34 mheins Exp $
 # 
 # Copyright (C) 2002-2003 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -53,7 +53,7 @@
 use Vend::Util;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
-$VERSION = substr(q$Revision: 2.15 $, 10);
+$VERSION = substr(q$Revision: 2.16 $, 10);
 
 sub writefile {
     my($file, $data, $opt) = @_;
@@ -660,7 +660,7 @@
 		absolute_or_relative($fn)
 		)
 	{
-		if($Vend::admin and ! $write and $fn =~ /^$Global::RunDir/) {
+		if($Vend::admin and ! $write and $fn =~ /^$Global::RunDir/ and $fn !~ $relpat) {
 			$status = 1;
 		}
 		else {








More information about the interchange-cvs mailing list