From: joey
Date: Sat, 13 Oct 2007 22:18:33 +0000 (+0000)
Subject: untaint plugin filename, will be tainted if specified at the command line
X-Git-Tag: 2.10~32
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/5b7edbf2a43b81e19adfbe6ed915798f55292f3d?hp=57d9b5601b913603e648b1ec7d7bd57b0d25db44
untaint plugin filename, will be tainted if specified at the command line
---
diff --git a/IkiWiki/Plugin/external.pm b/IkiWiki/Plugin/external.pm
index 9c31a70eb..f76b42c99 100644
--- a/IkiWiki/Plugin/external.pm
+++ b/IkiWiki/Plugin/external.pm
@@ -20,7 +20,8 @@ sub import { #{{{
 return unless defined $plugin;
 my ($plugin_read, $plugin_write);
- my $pid = open2($plugin_read, $plugin_write, $plugin);
+ my $pid = open2($plugin_read, $plugin_write,
+ IkiWiki::possibly_foolish_untaint($plugin));
 # open2 doesn't respect "use open ':utf8'"
 binmode($plugin_read, ':utf8');
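Review bot: The untaint added inside the `open2` call is unconditional, so whatever string reaches `$plugin` is handed to `open2` as a single command string with taint checking switched off for it. With the one-string form, Perl's exec semantics pass a value containing shell metacharacters to the shell. The helper's name suggests it does no validation, so the only safeguard is that `$plugin` comes from a trusted operator, and nothing in the hunk establishes that (the body of `import`, including where `$plugin` is assigned, starts and ends outside the hunk). I would untaint through an anchored pattern instead, e.g. `my ($cmd) = $plugin =~ m{\A([\w./+-]+)\z} or die "bad plugin path\n";`, and pass `$cmd` to `open2`. If the blanket untaint stays, it should at least carry a comment such as `# $plugin is set only by the wiki admin (command line or setup file), never from web input`, provided that assumption actually holds.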