You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
1.3 KiB
33 lines
1.3 KiB
--- a/FuzzyOcr/Config.pm |
|
+++ b/FuzzyOcr/Config.pm |
|
@@ -577,7 +577,7 @@ sub parse_config { |
|
return 1; |
|
} elsif ($opts->{key} eq 'focr_bin_helper') { |
|
my @cmd; $conf = $opts->{conf}; |
|
- my $val = $opts->{value}; $val =~ s/[\s]*//g; |
|
+ my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g; |
|
debuglog("focr_bin_helper: '$val'"); |
|
foreach my $bin (split(',',$val)) { |
|
unless (grep {m/$bin/} @bin_utils) { |
|
@@ -618,6 +618,7 @@ sub finish_parsing_end { |
|
delete $conf->{$b}; |
|
} |
|
if (defined $conf->{$b}) { |
|
+ $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b}); |
|
debuglog("Using $a => $conf->{$b}"); |
|
} else { |
|
foreach my $p (@paths) { |
|
diff --git a/FuzzyOcr/Logging.pm b/FuzzyOcr/Logging.pm |
|
index bed9ff5..ef02b32 100644 |
|
--- a/FuzzyOcr/Logging.pm |
|
+++ b/FuzzyOcr/Logging.pm |
|
@@ -31,7 +31,8 @@ sub logfile { |
|
my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time)); |
|
$logtext =~ s/\n/\n /g; |
|
|
|
- unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) { |
|
+ my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile}); |
|
+ unless ( open LOGFILE, ">>", $fname ) { |
|
warn "Can't open $conf->{focr_logfile} for writing, check permissions"; |
|
return; |
|
}
|
|
|