untaint plugin filename, will be tainted if specified at the command line

author joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>

Sat, 13 Oct 2007 22:18:33 +0000 (22:18 +0000)

committer joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>

Sat, 13 Oct 2007 22:18:33 +0000 (22:18 +0000)
author joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Sat, 13 Oct 2007 22:18:33 +0000 (22:18 +0000)
committer joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Sat, 13 Oct 2007 22:18:33 +0000 (22:18 +0000)
diff --git a/IkiWiki/Plugin/external.pm b/IkiWiki/Plugin/external.pm

index 9c31a70eba89edd5e4f5ba9ad2ef6ccc72e29c8d..f76b42c9982ee4c636ddd73a9d8bbd2ba490df5a 100644 (file)
--- a/IkiWiki/Plugin/external.pm
+++ b/IkiWiki/Plugin/external.pm
@@ -20,7 +20,8 @@ sub import { #{{{
         return unless defined $plugin;
  
         my ($plugin_read, $plugin_write);
-       my $pid = open2($plugin_read, $plugin_write, $plugin);
+       my $pid = open2($plugin_read, $plugin_write,
+               IkiWiki::possibly_foolish_untaint($plugin));
  
         # open2 doesn't respect "use open ':utf8'"
         binmode($plugin_read, ':utf8');
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
	Sat, 13 Oct 2007 22:18:33 +0000 (22:18 +0000)
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
	Sat, 13 Oct 2007 22:18:33 +0000 (22:18 +0000)