From: Joey Hess Date: Mon, 21 Jul 2008 20:20:02 +0000 (-0400) Subject: need to untaint.. X-Git-Tag: 2.55~93 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=b182f5e573ce69635690a09149f9d09654b9e067;p=ikiwiki.git need to untaint.. --- diff --git a/IkiWiki/Plugin/remove.pm b/IkiWiki/Plugin/remove.pm index badcfe667..e56a4a99c 100644 --- a/IkiWiki/Plugin/remove.pm +++ b/IkiWiki/Plugin/remove.pm @@ -135,7 +135,12 @@ sub sessioncgi ($$) { #{{{ elsif (! -f "$config{srcdir}/$file") { error(sprintf(gettext("%s is not a file"), $file)); } - push @files, $file; + + # This untaint is safe because we've + # verified the file is a known source file, + # and is in the srcdir, and is a regular + # file. + push @files, possibly_foolish_untaint($file); } # Do removal, and update the wiki.