Anonymous avatar Anonymous committed 225cb38

Possible Security! - No longer passing a string directly to printf.

Comments (0)

Files changed (1)

lib/File/Find/Object.pm

     return;
 }
 
+sub _warn_about_loop
+{
+    my $self = shift;
+    my $ptr = shift;
+
+    # Don't pass strings directly to the format.
+    # Instead - use %s
+    # This was a security problem.
+    printf(STDERR
+        "Avoid loop %s => %s\n",
+            $ptr->_dir_as_string(),
+            $self->_current_path()
+        );
+
+    return;
+}
+
 sub _non_top__check_subdir_helper {
     my $self = shift;
     my $st = shift;
     }
 
     if (my $ptr = $self->_find_ancestor_with_same_inode($st)) {
-        printf(STDERR "Avoid loop " . $ptr->_dir_as_string . " => %s\n",
-            $self->_current_path());
+        $self->_warn_about_loop($ptr);
         return 0;
     }
 
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.