--- loncom/Attic/lcuseradd 2003/02/03 18:03:52 1.25 +++ loncom/Attic/lcuseradd 2004/09/02 19:04:53 1.25.2.2 @@ -14,7 +14,7 @@ # o LonCapa will add it if/when the user is granted an Author # role. # -# $Id: lcuseradd,v 1.25 2003/02/03 18:03:52 harris41 Exp $ +# $Id: lcuseradd,v 1.25.2.2 2004/09/02 19:04:53 albertel Exp $ ### ############################################################################### @@ -214,6 +214,9 @@ if ($status) { print "Done adding user\n" unless $noprint; # Make www a member of that user group. my $groups=`/usr/bin/groups www` or exit(6); +# untaint +my ($safegroups)=($groups=~/:\s*([\s\w]+)/); +$groups=$safegroups; chomp $groups; $groups=~s/^\S+\s+\:\s+//; my @grouplist=split(/\s+/,$groups); my @ugrouplist=grep {!/www|$safeusername/} @grouplist; @@ -280,9 +283,9 @@ if (-e '/var/run/httpd.pid') { open(PID,'/var/run/httpd.pid'); my $pid=; close(PID); - $pid=~s/\D+//g; + my ($safepid)=($pid=~s/(\D+)//g); if ($pid) { - system('kill','-USR1',"$pid"); + system('kill','-USR1',"$safepid"); } } # -------------------------------------------------------- Exit script