need to untaint..

author Joey Hess <joey@kodama.kitenet.net>

Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)

committer Joey Hess <joey@kodama.kitenet.net>

Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)
author Joey Hess <joey@kodama.kitenet.net>
Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)
committer Joey Hess <joey@kodama.kitenet.net>
Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)
diff --git a/IkiWiki/Plugin/remove.pm b/IkiWiki/Plugin/remove.pm

index badcfe667eac4bd327922f18dd116a9f87494f13..e56a4a99c36d43043ca9608e5a4ac3e5962b0522 100644 (file)
--- a/IkiWiki/Plugin/remove.pm
+++ b/IkiWiki/Plugin/remove.pm
@@ -135,7 +135,12 @@ sub sessioncgi ($$) { #{{{
                                 elsif (! -f "$config{srcdir}/$file") {
                                         error(sprintf(gettext("%s is not a file"), $file));
                                 }
-                               push @files, $file;
+
+                               # This untaint is safe because we've
+                               # verified the file is a known source file,
+                               # and is in the srcdir, and is a regular
+                               # file.
+                               push @files, possibly_foolish_untaint($file);
                         }
  
                         # Do removal, and update the wiki.
author	Joey Hess <joey@kodama.kitenet.net>
	Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)
committer	Joey Hess <joey@kodama.kitenet.net>
	Mon, 21 Jul 2008 20:20:02 +0000 (16:20 -0400)