response
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Thu, 10 May 2007 18:54:37 +0000 (18:54 +0000)
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Thu, 10 May 2007 18:54:37 +0000 (18:54 +0000)
doc/bugs/Insecure_dependency_in_eval_while_running_with_-T_switch.mdwn

index bed5691f3ce9ca72bae6178879381ce01d30ae97..befda2a93734da9509340cb94c51e5cbb694b12e 100644 (file)
@@ -67,4 +67,20 @@ because `patch` command fails:
 Could you please fix that patch?  I guess how to do it, but I don't want
 to break the code I distribute in my backport ;)
 
--- Pawel
\ No newline at end of file
+-- Pawel
+
+> It's not my patch.. IIRC my suggestion was simply to do this: --[Joey]]
+
+       Index: IkiWiki.pm
+       ===================================================================
+       --- IkiWiki.pm  (revision 3565)
+       +++ IkiWiki.pm  (working copy)
+       @@ -1005,7 +1005,7 @@
+                       unshift @params, "location";
+               }
+        
+       -       my $ret=eval pagespec_translate($spec);
+       +       my $ret=eval possibly_foolish_untaint(pagespec_translate($spec));
+               return IkiWiki::FailReason->new("syntax error") if $@;
+               return $ret;
+        } #}}}
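Review bot: The quoted IkiWiki.pm change runs the entire output of `pagespec_translate($spec)` through `possibly_foolish_untaint` and then string-evals it, so under `-T` the check that raised "Insecure dependency in eval" is bypassed for this call rather than satisfied by validation. This is only sound if `pagespec_translate` builds its result from a fixed set of tokens and quotes or discards everything else in `$spec`. That function is not visible in this hunk, so the reply should state the assumption explicitly. I would add a comment above the eval in the embedded patch, for example `# untainting is safe only because pagespec_translate emits nothing but whitelisted tokens`, so a later change to the translator is reviewed with that in mind. The enclosing sub begins outside the quoted hunk, so how `$spec` reaches this line cannot be confirmed from here.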