pld-builder.new: PLD_Builder/request.py - reject specs with pathnames inside

glen glen at pld-linux.org
Sun Jun 28 17:29:12 CEST 2009


Author: glen                         Date: Sun Jun 28 15:29:12 2009 GMT
Module: pld-builder.new               Tag: HEAD
---- Log message:
- reject specs with pathnames inside

---- Files affected:
pld-builder.new/PLD_Builder:
   request.py (1.63 -> 1.64) 

---- Diffs:

================================================================
Index: pld-builder.new/PLD_Builder/request.py
diff -u pld-builder.new/PLD_Builder/request.py:1.63 pld-builder.new/PLD_Builder/request.py:1.64
--- pld-builder.new/PLD_Builder/request.py:1.63	Wed Mar  4 15:29:05 2009
+++ pld-builder.new/PLD_Builder/request.py	Sun Jun 28 17:29:06 2009
@@ -149,6 +149,8 @@
                 self.src_rpm = text(c)
             elif c.nodeName == "spec":
                 self.spec = text(c)
+                if self.spec.find('/') != -1:
+                    log.panic("xml: evil specname (%s)" % self.spec)
             elif c.nodeName == "command":
                 self.spec = "COMMAND"
                 self.command = text(c)
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/pld-builder.new/PLD_Builder/request.py?r1=1.63&r2=1.64&f=u



More information about the pld-cvs-commit mailing list