need to untaint..
authorJoey Hess <joey@kodama.kitenet.net>
Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)
committerJoey Hess <joey@kodama.kitenet.net>
Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)
IkiWiki/Plugin/remove.pm

index badcfe667eac4bd327922f18dd116a9f87494f13..e56a4a99c36d43043ca9608e5a4ac3e5962b0522 100644 (file)
@@ -135,7 +135,12 @@ sub sessioncgi ($$) { #{{{
                                elsif (! -f "$config{srcdir}/$file") {
                                        error(sprintf(gettext("%s is not a file"), $file));
                                }
-                               push @files, $file;
+
+                               # This untaint is safe because we've
+                               # verified the file is a known source file,
+                               # and is in the srcdir, and is a regular
+                               # file.
+                               push @files, possibly_foolish_untaint($file);
                        }
 
                        # Do removal, and update the wiki.
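Review bot: The `-f "$config{srcdir}/$file"` test just above the new `possibly_foolish_untaint($file)` call follows symlinks, so by itself it does not prove the "is in the srcdir" part of the added comment. A symlink inside srcdir that points at a regular file elsewhere would still pass. If nothing outside this hunk already rejects symlinks and `..` path components, the guard could become `elsif (-l "$config{srcdir}/$file" || ! -f "$config{srcdir}/$file") {`. The comment should also name the earlier check that makes `$file` a "known source file", because that check is not visible here and the blanket untaint switches off taint checking for this value from here on. `sessioncgi` starts and ends outside the hunk, so the removal code that consumes `@files` cannot be confirmed from this view.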