From 66621adfb81a9d1f39c684c67abd33dd664930c1 Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Sat, 10 Oct 2009 16:27:47 +0000 Subject: [PATCH] 2.19 - forgot to import 'catfile' from File::Spec. Bug reported by various people. - applied patch by Peter Tandler which adds a search-path feature for include files. - applied patch by David Dick which adds an auto launder capability to the module which makes it possible to use variables read by Config::General in a tainted perlscript (executed with -T) for open(), backtick calls or something which the taintmode considers to be dangerous. git-svn-id: http://dev.catalyst.perl.org/repos/Config-General/trunk@45 be1acefe-a474-0410-9a34-9b3221f2030f --- Changelog | 13 ++++++++++ General.pm | 70 ++++++++++++++++++++++++++++++++++++++++++++++++------ README | 2 +- 3 files changed, 77 insertions(+), 8 deletions(-) diff --git a/Changelog b/Changelog index 94a221f..c49bc6f 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,16 @@ + 2.19 + - forgot to import 'catfile' from File::Spec. Bug reported by + various people. + + - applied patch by Peter Tandler + which adds a search-path feature for include files. + + - applied patch by David Dick which + adds an auto launder capability to the module which makes it + possible to use variables read by Config::General in a + tainted perlscript (executed with -T) for open(), backtick calls + or something which the taintmode considers to be dangerous. + 2.18 - fixed Bug #2325 (rt.cpan.org). The subs exported by File::Spec will now imported explicitly. diff --git a/General.pm b/General.pm index 238f8b8..90f3e20 100644 --- a/General.pm +++ b/General.pm @@ -13,12 +13,12 @@ package Config::General; use FileHandle; -use File::Spec::Functions qw(splitpath file_name_is_absolute); +use File::Spec::Functions qw(splitpath file_name_is_absolute catfile catpath); use strict; use Carp; use Exporter; -$Config::General::VERSION = "2.18"; +$Config::General::VERSION = "2.19"; use vars qw(@ISA @EXPORT); @ISA = qw(Exporter); @@ -43,6 +43,8 @@ sub new { UseApacheInclude => 0, IncludeRelative => 0, + AutoLaunder => 0, + AutoTrue => 0, AutoTrueFlags => { @@ -91,6 +93,9 @@ sub new { $self->{ConfigFile} = delete $conf{-file} if(exists $conf{-file}); $self->{ConfigHash} = delete $conf{-hash} if(exists $conf{-hash}); + # store search path for relative configs, if any + $self->{ConfigPath} = delete $conf{-ConfigPath} if(exists $conf{-ConfigPath}); + # store input, file, handle, or array $self->{ConfigFile} = delete $conf{-ConfigFile} if(exists $conf{-ConfigFile}); $self->{ConfigHash} = delete $conf{-ConfigHash} if(exists $conf{-ConfigHash}); @@ -230,9 +235,10 @@ sub new { $self->{configfile} = $self->{ConfigFile}; if ( file_name_is_absolute($self->{ConfigFile}) ) { # look if is is an absolute path and save the basename if it is absolute - my (undef, $path, undef) = splitpath($self->{ConfigFile}); + my ($volume, $path, undef) = splitpath($self->{ConfigFile}); $path =~ s#/$##; # remove eventually existing trailing slash - $self->{configpath} = $path; + $self->{ConfigPath} = [] unless $self->{ConfigPath}; + unshift @{$self->{ConfigPath}}, catpath($volume, $path, ''); } $self->_open($self->{configfile}); # now, we parse immdediately, getall simply returns the whole hash @@ -284,12 +290,28 @@ sub _open { # my($this, $configfile) = @_; my $fh = new FileHandle; + + if( ! -e $configfile && defined($this->{ConfigPath}) ) { + # try to find the file within ConfigPath + foreach my $dir (@{$this->{ConfigPath}}) { + if( -e catfile($dir, $configfile) ) { + $configfile = catfile($dir, $configfile); + last; # found it + }; + } + } + if (-e $configfile) { open $fh, "<$configfile" or croak "Could not open $configfile!($!)\n"; $this->_read($fh); } else { - croak "The file \"$configfile\" does not exist!\n"; + if (defined $this->{ConfigPath}) { + croak "The file \"$configfile\" does not exist within ConfigPath: " . join(":", @{$this->{ConfigPath}}) . "!\n"; + } + else { + croak "The file \"$configfile\" does not exist!\n"; + } } } @@ -315,6 +337,11 @@ sub _read { } foreach (@stuff) { + if ($this->{AutoLaunder}) { + m/^(.*)$/; + $_ = $1; + } + chomp; if ($this->{CComments}) { @@ -436,7 +463,7 @@ sub _read { $incl_file = $1; if ( $this->{IncludeRelative} && $this->{configpath} && !file_name_is_absolute($incl_file) ) { # include the file from within location of $this->{configfile} - $this->_open( catfile($this->{configpath}, $incl_file) ); + $this->_open( $incl_file ); } else { # include the file from within pwd, or absolute @@ -1083,6 +1110,25 @@ will be opened from within the location of the configfile instead from within th location of the script($0). This works only if the configfile has a absolute pathname (i.e. "/etc/main.conf"). +If the variable B<-ConfigPath> has been set and if the file to be included could +not be found in the location relative to the current config file, the module +will search within B<-ConfigPath> for the file. See the description of B<-ConfigPath> +for more details. + + +=item B<-ConfigPath> + +As mentioned above, you can use this variable to specify a search path for relative +config files which have to be included. Config::General will search within this +path for the file if it cannot find the file at the location relative to the +current config file. + +You must specify the path as an array ref. For example: + + @path = qw(/usr/lib/perl /nfs/apps/lib /home/lib); + .. + -ConfigPath => \@path + =item B<-MergeDuplicateBlocks> @@ -1104,6 +1150,16 @@ B<-AllowMultiOptions> explicit to 'true'. In this case duplicate blocks are allowed and put into an array but dupclicate options will be merged. +=item B<-AutoLaunder> + +If set to a true value, then all values in your config file will be laundered +to allow them to be used under a -T taint flag. This could be regarded as circumventing +the purpose of the -T flag, however, if the bad guys can mess with your config file, +you have problems that -T will not be able to stop. AutoLaunder will only handle +a config file being read from -ConfigFile. + + + =item B<-AutoTrue> If set to a true value, then options in your config file, whose values are set to @@ -1805,7 +1861,7 @@ Thomas Linden =head1 VERSION -2.18 +2.19 =cut diff --git a/README b/README index 4837d1b..bd40621 100644 --- a/README +++ b/README @@ -104,4 +104,4 @@ AUTHOR VERSION - 2.18 \ No newline at end of file + 2.19 \ No newline at end of file