Permalink
Browse files

safer open() when passing arbitrary filename (file in .deb) that may …

…contain shell metachars
  • Loading branch information...
1 parent db1fd4c commit 12a9aa8da39fc7375c6d77e81d88195c2b962214 @dmacks dmacks committed Feb 11, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 perlmod/Fink/Validation.pm
@@ -1829,7 +1829,7 @@ sub _validate_dpkg {
# check that compiled python modules files don't self-identify using temp locations
if ($filename =~/\.py[co]$/) {
- if (!-l $File::Find::name and open my $py_file, "strings $File::Find::name |") {
+ if (!-l $File::Find::name and open my $py_file, '|-', 'strings', $File::Find::name) {
while (<$py_file>) {
if (/$pkgbuilddir/) {
&stack_msg($msgs, "Compiled python module points to fink build dir.", $filename);

0 comments on commit 12a9aa8

Please sign in to comment.