Item9140: Sandbox::sysCommand template parsing
Priority: Normal
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component: Sandbox
Branches:
Foswiki::Sandbox::sysCommand
incorrectly parses the template.
Namely, in the following code:
# Implicit untaint OK; $template is safe
$template =~ /(^.*?)\s+(.*)$/;
my $path = $1;
my $pTmpl = $2;
the regexp fails if the
$template
contains no spaces
(e.g. a program call without arguments),
so that
$path
and
$pTmpl
are filled with arbitrary junk
from a previous regexp matched somewhere else.
By the way, why
^
is inside the parentheses?
--
MikhailRyazanov - 11 Jun 2010
No particular reason. Doesn't actually matter.
Thanks for spotting this one - fixed in
trunk
.
--
CrawfordCurrie - 11 Jun 2010