pld-builder.new: PLD_Builder/request.py - reject specs with pathnames inside
glen
glen at pld-linux.org
Sun Jun 28 17:29:12 CEST 2009
Author: glen Date: Sun Jun 28 15:29:12 2009 GMT
Module: pld-builder.new Tag: HEAD
---- Log message:
- reject specs with pathnames inside
---- Files affected:
pld-builder.new/PLD_Builder:
request.py (1.63 -> 1.64)
---- Diffs:
================================================================
Index: pld-builder.new/PLD_Builder/request.py
diff -u pld-builder.new/PLD_Builder/request.py:1.63 pld-builder.new/PLD_Builder/request.py:1.64
--- pld-builder.new/PLD_Builder/request.py:1.63 Wed Mar 4 15:29:05 2009
+++ pld-builder.new/PLD_Builder/request.py Sun Jun 28 17:29:06 2009
@@ -149,6 +149,8 @@
self.src_rpm = text(c)
elif c.nodeName == "spec":
self.spec = text(c)
+ if self.spec.find('/') != -1:
+ log.panic("xml: evil specname (%s)" % self.spec)
elif c.nodeName == "command":
self.spec = "COMMAND"
self.command = text(c)
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/pld-builder.new/PLD_Builder/request.py?r1=1.63&r2=1.64&f=u
More information about the pld-cvs-commit
mailing list