[LON-CAPA-cvs] cvs: loncom(version_1_2_X) / lcuseradd

albertel lon-capa-cvs@mail.lon-capa.org
Thu, 05 Aug 2004 21:01:20 -0000


albertel		Thu Aug  5 17:01:20 2004 EDT

  Modified files:              (Branch: version_1_2_X)
    /loncom	lcuseradd 
  Log:
  - backport 1.27
  
  
Index: loncom/lcuseradd
diff -u loncom/lcuseradd:1.25 loncom/lcuseradd:1.25.2.1
--- loncom/lcuseradd:1.25	Mon Feb  3 13:03:52 2003
+++ loncom/lcuseradd	Thu Aug  5 17:01:20 2004
@@ -14,7 +14,7 @@
 #        o LonCapa will add it if/when the user is granted an Author
 #          role.
 #
-# $Id: lcuseradd,v 1.25 2003/02/03 18:03:52 harris41 Exp $
+# $Id: lcuseradd,v 1.25.2.1 2004/08/05 21:01:20 albertel Exp $
 ###
 
 ###############################################################################
@@ -214,6 +214,9 @@
 print "Done adding user\n" unless $noprint;
 # Make www a member of that user group.
 my $groups=`/usr/bin/groups www` or exit(6);
+# untaint
+my ($safegroups)=($groups=~/([\s\w]+)/);
+$groups=$safegroups;
 chomp $groups; $groups=~s/^\S+\s+\:\s+//;
 my @grouplist=split(/\s+/,$groups);
 my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
@@ -280,9 +283,9 @@
     open(PID,'/var/run/httpd.pid');
     my $pid=<PID>;
     close(PID);
-    $pid=~s/\D+//g;
+    my ($safepid)=($pid=~s/(\D+)//g);
     if ($pid) {
-	system('kill','-USR1',"$pid");
+	system('kill','-USR1',"$safepid");
     }
 }
 # -------------------------------------------------------- Exit script