Item9140: Sandbox::sysCommand template parsing

Priority: Normal
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component: Sandbox
Reported By: MikhailRyazanov
Waiting For:
Last Change By: KennethLavrsen
Foswiki::Sandbox::sysCommand incorrectly parses the template. Namely, in the following code:
    # Implicit untaint OK; $template is safe
    $template =~ /(^.*?)\s+(.*)$/;
    my $path  = $1;
    my $pTmpl = $2;
the regexp fails if the $template contains no spaces (e.g. a program call without arguments), so that $path and $pTmpl are filled with arbitrary junk from a previous regexp matched somewhere else.

By the way, why ^ is inside the parentheses?

-- MikhailRyazanov - 11 Jun 2010

No particular reason. Doesn't actually matter.

Thanks for spotting this one - fixed in trunk.

-- CrawfordCurrie - 11 Jun 2010


ItemTemplate edit

Summary Sandbox::sysCommand template parsing
ReportedBy MikhailRyazanov
Codebase 1.0.9
SVN Range
AppliesTo Engine
Component Sandbox
Priority Normal
CurrentState Closed
Checkins distro:eb3438fb7749
TargetRelease minor
ReleasedIn 1.1.0
Topic revision: r4 - 04 Oct 2010, KennethLavrsen - This page was cached on 16 Sep 2021 - 18:21.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy