[interchange-cvs] interchange - racke modified lib/Vend/Config.pm
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Tue Apr 4 15:07:48 EDT 2006
User: racke
Date: 2006-04-04 19:07:48 GMT
Modified: lib/Vend Config.pm
Log:
ensure that TrackFile is a relative path to catalog root
parse_relative_dir now issues a meaningful error message
Revision Changes Path
2.203 +14 -11 interchange/lib/Vend/Config.pm
rev 2.203, prev_rev 2.202
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.202
retrieving revision 2.203
diff -u -r2.202 -r2.203
--- Config.pm 24 Mar 2006 18:01:22 -0000 2.202
+++ Config.pm 4 Apr 2006 19:07:48 -0000 2.203
@@ -1,6 +1,6 @@
# Vend::Config - Configure Interchange
#
-# $Id: Config.pm,v 2.202 2006/03/24 18:01:22 racke Exp $
+# $Id: Config.pm,v 2.203 2006/04/04 19:07:48 racke Exp $
#
# Copyright (C) 2002-2006 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
@@ -54,7 +54,7 @@
use Vend::Data;
use Vend::Cron;
-$VERSION = substr(q$Revision: 2.202 $, 10);
+$VERSION = substr(q$Revision: 2.203 $, 10);
my %CDname;
my %CPname;
@@ -654,7 +654,7 @@
['EncryptProgram', undef, $Global::EncryptProgram || ''],
['EncryptKey', undef, ''],
['AsciiTrack', undef, ''],
- ['TrackFile', undef, ''],
+ ['TrackFile', 'relative_dir', ''],
['TrackPageParam', 'hash', ''],
['SalesTax', undef, ''],
['SalesTaxFunction', undef, ''],
@@ -3735,14 +3735,17 @@
sub parse_relative_dir {
my($var, $value) = @_;
- config_error(
- "No leading / allowed if NoAbsolute set. Contact administrator.\n"
- )
- if file_name_is_absolute($value) and $Global::NoAbsolute;
- config_error(
- "No leading ../.. allowed if NoAbsolute set. Contact administrator.\n"
- )
- if $value =~ m#^\.\./.*\.\.# and $Global::NoAbsolute;
+ if ($Global::NoAbsolute) {
+ # sanity check on filenames
+ if (file_name_is_absolute($value)) {
+ config_error('Absolute path %s not allowed in %s directive',
+ $value, $var)
+ }
+ if ($value =~ m#^\.\./.*\.\.#) {
+ config_error('Path %s outside of catalog directory not allowed in %s directive',
+ $value, $var)
+ }
+ }
$C->{Source}{$var} = $value;
More information about the interchange-cvs
mailing list