From f52380b976948ec2f3776d63baaf2549f4a81b49 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@helsinki.at>
Date: Tue, 9 Mar 2010 16:50:04 +0000
Subject: using /usr/bin/id instead of environment (more secure!)


diff --git a/rhimport b/rhimport
index 46794b6..c8cfd47 100755
--- a/rhimport
+++ b/rhimport
@@ -65,10 +65,10 @@ EOF
   exit;
 }
 
-my $user = $ENV{'USER'};
-$user or die "Username not found in environment";
+my $user = `/usr/bin/id -un`;
+$user =~ s/\n//;
 
-my $dbh = DBI->connect( "DBI:mysql:$DB:$DBHOST","$DBUSER","$DBPW") or die "Database Error: $DBI::errstr";
+my $dbh = DBI->connect("DBI:mysql:$DB:$DBHOST","$DBUSER","$DBPW") or die "Database Error: $DBI::errstr";
 my $sql = qq{select USER_PERMS.GROUP_NAME,DROPBOXES.PATH from USER_PERMS, DROPBOXES where USER_PERMS.USER_NAME='$user' and DROPBOXES.GROUP_NAME=USER_PERMS.GROUP_NAME;};
 my $sth = $dbh->prepare($sql);
 $sth->execute();
-- 
cgit v0.10.2