6 years ago
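--- a/FuzzyOcr/Config.pm
+++ b/FuzzyOcr/Config.pm
@@ -577,7 +577,7 @@ sub parse_config {
 return 1;
 } elsif ($opts->{key} eq 'focr_bin_helper') {
 my @cmd; $conf = $opts->{conf};
- my $val = $opts->{value}; $val =~ s/[\s]*//g;
+ my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g;
 debuglog("focr_bin_helper: '$val'");
 foreach my $bin (split(',',$val)) {
 unless (grep {m/$bin/} @bin_utils) {
@@ -618,6 +618,7 @@ sub finish_parsing_end {
 delete $conf->{$b};
 }
 if (defined $conf->{$b}) {
+ $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});
 debuglog("Using $a => $conf->{$b}");
 } else {
 foreach my $p (@paths) {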
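Review bot: Both added `untaint_var` calls clear the taint flag without validating anything, in parse_config for the `focr_bin_helper` value and in finish_parsing_end for `$conf->{$b}`, so taint mode stops guarding whatever is later built from these settings. If `$conf->{$b}` is a helper binary path, as the `Using $a => ...` log line suggests, `Mail::SpamAssassin::Util::untaint_file_path($conf->{$b})` would at least restrict the character set, as this commit already does in Logging.pm. For the helper list, the setting should be rejected before untainting unless it matches an anchored pattern, for example `$opts->{value} =~ /\A[\w\s,-]+\z/` (constructed pattern, to be adjusted to the names actually allowed). The context line `grep {m/$bin/} @bin_utils` also interpolates the configured name as a regex, so `$_ eq $bin` or `m/\A\Q$bin\E\z/` would be safer. Both function bodies continue outside the hunks.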
diff --git a/FuzzyOcr/Logging.pm b/FuzzyOcr/Logging.pm
index bed9ff5..ef02b32 100644
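--- a/FuzzyOcr/Logging.pm
+++ b/FuzzyOcr/Logging.pm
@@ -31,7 +31,8 @@ sub logfile {
 my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time));
 $logtext =~ s/\n/\n /g;
 
- unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) {
+ my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile});
+ unless ( open LOGFILE, ">>", $fname ) {
 warn "Can't open $conf->{focr_logfile} for writing, check permissions";
 return;
 }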
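Review bot: The result of the added `untaint_file_path` call is passed straight to `open` without being checked, and that helper only tests the path's character set. When it rejects a path it is understood to hand back the original, still tainted value, in which case the `open` would abort with a taint error instead of reaching the `warn`. The warning itself should carry the OS error so a failure is diagnosable: `warn "Can't open $conf->{focr_logfile} for writing: $!";`. The new `open` also keeps the bareword `LOGFILE` handle; a lexical handle (`open my $logfh, '>>', $fname`) would be preferable, though the print and close calls that would have to follow are outside the hunk, as is the rest of logfile's body.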