
--- a/FuzzyOcr/Config.pm
+++ b/FuzzyOcr/Config.pm
@@ -577,7 +577,7 @@ sub parse_config {
return 1;
} elsif ($opts->{key} eq 'focr_bin_helper') {
my @cmd; $conf = $opts->{conf};
- my $val = $opts->{value}; $val =~ s/[\s]*//g;
+ my $val = Mail::SpamAssassin::Util::untaint_var($opts->{value}); $val =~ s/[\s]*//g;
debuglog("focr_bin_helper: '$val'");
foreach my $bin (split(',',$val)) {
unless (grep {m/$bin/} @bin_utils) {
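Review bot: `untaint_var` clears the taint flag on `$opts->{value}` without inspecting it, so the value is marked trusted before the `@bin_utils` check below has run; the same unconditional untaint is applied to `$conf->{$b}` in the `finish_parsing_end` hunk. The check that follows here, `grep {m/$bin/} @bin_utils`, uses the configured string as an unanchored regex, so it is a pattern match rather than an exact allow-list comparison. I would validate first and untaint only what passed, e.g. `unless (grep { $_ eq $bin } @bin_utils) {` (assuming `@bin_utils` holds plain helper names, which is not visible here). If `$conf->{$b}` in `finish_parsing_end` is a helper path, as the `@paths` loop suggests, the path-checking helper this commit already uses in Logging.pm fits better: `$conf->{$b} = Mail::SpamAssassin::Util::untaint_file_path($conf->{$b});`. Both enclosing subs continue outside the hunks, so later validation may exist that is not shown.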
@@ -618,6 +618,7 @@ sub finish_parsing_end {
delete $conf->{$b};
}
if (defined $conf->{$b}) {
+ $conf->{$b} = Mail::SpamAssassin::Util::untaint_var($conf->{$b});
debuglog("Using $a => $conf->{$b}");
} else {
foreach my $p (@paths) {
diff --git a/FuzzyOcr/Logging.pm b/FuzzyOcr/Logging.pm
index bed9ff5..ef02b32 100644
--- a/FuzzyOcr/Logging.pm
+++ b/FuzzyOcr/Logging.pm
@@ -31,7 +31,8 @@ sub logfile {
my $time = strftime("%Y-%m-%d %H:%M:%S",localtime(time));
$logtext =~ s/\n/\n /g;
- unless ( open LOGFILE, ">>", $conf->{focr_logfile} ) {
+ my $fname = Mail::SpamAssassin::Util::untaint_file_path($conf->{focr_logfile});
+ unless ( open LOGFILE, ">>", $fname ) {
warn "Can't open $conf->{focr_logfile} for writing, check permissions";
return;
}
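Review bot: The result of `untaint_file_path` goes straight into `open` without a check, and the `warn` still prints `$conf->{focr_logfile}` rather than the `$fname` that was actually opened. As far as I recall, the helper returns undef for an undefined path and hands the string back still tainted when it contains characters outside its allow-list, so a rejected path would fail inside `open` under taint mode instead of being reported as a bad setting. A three-argument `open` with an undef filename also opens an anonymous temporary file rather than failing, which would silently discard the log. I would add `return unless defined $fname && length $fname;` before the `open` and use `$fname` in the warning text. `logfile` starts and ends outside this hunk, so an earlier definedness check may already cover part of this.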