[interchange-cvs] interchange - racke modified lib/Vend/Config.pm

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Tue Apr 4 15:07:48 EDT 2006 

User:      racke
Date:      2006-04-04 19:07:48 GMT
Modified:  lib/Vend Config.pm
Log:
ensure that TrackFile is a relative path to catalog root
parse_relative_dir now issues a meaningful error message

Revision  Changes    Path
2.203     +14 -11    interchange/lib/Vend/Config.pm


rev 2.203, prev_rev 2.202
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.202
retrieving revision 2.203
diff -u -r2.202 -r2.203
--- Config.pm	24 Mar 2006 18:01:22 -0000	2.202
+++ Config.pm	4 Apr 2006 19:07:48 -0000	2.203
@@ -1,6 +1,6 @@
 # Vend::Config - Configure Interchange
 #
-# $Id: Config.pm,v 2.202 2006/03/24 18:01:22 racke Exp $
+# $Id: Config.pm,v 2.203 2006/04/04 19:07:48 racke Exp $
 #
 # Copyright (C) 2002-2006 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -54,7 +54,7 @@
 use Vend::Data;
 use Vend::Cron;
 
-$VERSION = substr(q$Revision: 2.202 $, 10);
+$VERSION = substr(q$Revision: 2.203 $, 10);
 
 my %CDname;
 my %CPname;
@@ -654,7 +654,7 @@
 	['EncryptProgram',	 undef,     	     $Global::EncryptProgram || ''],
 	['EncryptKey',		 undef,     	     ''],
 	['AsciiTrack',	 	 undef,     	     ''],
-	['TrackFile',	 	 undef,     	     ''],
+	['TrackFile',	 	 'relative_dir',     ''],
 	['TrackPageParam',	 'hash',     	     ''],
 	['SalesTax',		 undef,     	     ''],
 	['SalesTaxFunction', undef,     	     ''],
@@ -3735,14 +3735,17 @@
 sub parse_relative_dir {
 	my($var, $value) = @_;
 
-	config_error(
-	  "No leading / allowed if NoAbsolute set. Contact administrator.\n"
-	  )
-	  if file_name_is_absolute($value) and $Global::NoAbsolute;
-	config_error(
-	  "No leading ../.. allowed if NoAbsolute set. Contact administrator.\n"
-	  )
-	  if $value =~ m#^\.\./.*\.\.# and $Global::NoAbsolute;
+	if ($Global::NoAbsolute) {
+		# sanity check on filenames
+		if (file_name_is_absolute($value)) {
+			config_error('Absolute path %s not allowed in %s directive',
+						 $value, $var)
+		}
+		if ($value =~ m#^\.\./.*\.\.#) {
+			config_error('Path %s outside of catalog directory not allowed in %s directive',
+						 $value, $var)
+		}
+	}
 
 	$C->{Source}{$var} = $value;

More information about the interchange-cvs mailing list