summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2007-05-10 18:54:37 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2007-05-10 18:54:37 +0000
commitb15f37e9e9e617e049207eca04652a8794e9b1de (patch)
tree73a18792a9adbd92f834ad6c18af5442fb3c897f
parent7e09aa1134d7adb1e6c7c91b34b4d620ebeef5c4 (diff)
response
-rw-r--r--doc/bugs/Insecure_dependency_in_eval_while_running_with_-T_switch.mdwn18
1 files changed, 17 insertions, 1 deletions
diff --git a/doc/bugs/Insecure_dependency_in_eval_while_running_with_-T_switch.mdwn b/doc/bugs/Insecure_dependency_in_eval_while_running_with_-T_switch.mdwn
index bed5691f3..befda2a93 100644
--- a/doc/bugs/Insecure_dependency_in_eval_while_running_with_-T_switch.mdwn
+++ b/doc/bugs/Insecure_dependency_in_eval_while_running_with_-T_switch.mdwn
@@ -67,4 +67,20 @@ because `patch` command fails:
Could you please fix that patch? I guess how to do it, but I don't want
to break the code I distribute in my backport ;)
--- Pawel \ No newline at end of file
+-- Pawel
+
+> It's not my patch.. IIRC my suggestion was simply to do this: --[Joey]]
+
+ Index: IkiWiki.pm
+ ===================================================================
+ --- IkiWiki.pm (revision 3565)
+ +++ IkiWiki.pm (working copy)
+ @@ -1005,7 +1005,7 @@
+ unshift @params, "location";
+ }
+
+ - my $ret=eval pagespec_translate($spec);
+ + my $ret=eval possibly_foolish_untaint(pagespec_translate($spec));
+ return IkiWiki::FailReason->new("syntax error") if $@;
+ return $ret;
+ } #}}}