From b182f5e573ce69635690a09149f9d09654b9e067 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 21 Jul 2008 16:20:02 -0400 Subject: [PATCH] need to untaint.. --- IkiWiki/Plugin/remove.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/IkiWiki/Plugin/remove.pm b/IkiWiki/Plugin/remove.pm index badcfe667..e56a4a99c 100644 --- a/IkiWiki/Plugin/remove.pm +++ b/IkiWiki/Plugin/remove.pm @@ -135,7 +135,12 @@ sub sessioncgi ($$) { #{{{ elsif (! -f "$config{srcdir}/$file") { error(sprintf(gettext("%s is not a file"), $file)); } - push @files, $file; + + # This untaint is safe because we've + # verified the file is a known source file, + # and is in the srcdir, and is a regular + # file. + push @files, possibly_foolish_untaint($file); } # Do removal, and update the wiki. -- 2.26.2