* In mercurial backend, untaint ipaddr when using it as the user for the

commit. Thanks, Alexander Wirt. Closes: #420428
author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-04-22 17:45:39 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-04-22 17:45:39 +0000
commit: 1e62d2bc0c3c5ff0ab52dfdfe82c8abbcb5b6c3a (patch)
tree: a346848f012ec54678a814bbf344c05d20caecf0
parent: bad02f285615b839c3f4bfba6ac0638c73f4b57c (diff)
2 files changed, 4 insertions, 2 deletions
diff --git a/IkiWiki/Rcs/mercurial.pm b/IkiWiki/Rcs/mercurial.pm
index 84bf99c68..2e15085ec 100644
--- a/IkiWiki/Rcs/mercurial.pm
+++ b/IkiWiki/Rcs/mercurial.pm
@@ -72,7 +72,7 @@ sub rcs_commit ($$$;$$) { #{{{
 		$user = possibly_foolish_untaint($user);
 	}
 	elsif (defined $ipaddr) {
-		$user = "Anonymous from $ipaddr";
+		$user = "Anonymous from ".possibly_foolish_untaint($ipaddr);
 	}
 	else {
 		$user = "Anonymous";
diff --git a/debian/changelog b/debian/changelog
index 3bc1d5086..e4b0fc75f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,10 @@ ikiwiki (1.51) UNRELEASED; urgency=low
   * Support setting svnpath to "" for wikis that are rooted at the top of
     their svn repositories, with no trunk directory.
   * Minor template improvements by Alessandro.
+  * In mercurial backend, untaint ipaddr when using it as the user for the
+    commit. Thanks, Alexander Wirt. Closes: #420428
 
- -- Joey Hess <joeyh@debian.org>  Wed, 18 Apr 2007 19:35:29 -0400
+ -- Joey Hess <joeyh@debian.org>  Sun, 22 Apr 2007 13:43:49 -0400
 
 ikiwiki (1.50) unstable; urgency=low
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2007-04-22 17:45:39 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2007-04-22 17:45:39 +0000
commit	1e62d2bc0c3c5ff0ab52dfdfe82c8abbcb5b6c3a (patch)
tree	a346848f012ec54678a814bbf344c05d20caecf0
parent	bad02f285615b839c3f4bfba6ac0638c73f4b57c (diff)