diff options
author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-10-13 22:18:33 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-10-13 22:18:33 +0000 |
commit | 5b7edbf2a43b81e19adfbe6ed915798f55292f3d (patch) | |
tree | 6127a5ee445dfb4eaca6c43582c33628d4e1e333 /IkiWiki | |
parent | 57d9b5601b913603e648b1ec7d7bd57b0d25db44 (diff) |
untaint plugin filename, will be tainted if specified at the command line
Diffstat (limited to 'IkiWiki')
-rw-r--r-- | IkiWiki/Plugin/external.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/IkiWiki/Plugin/external.pm b/IkiWiki/Plugin/external.pm index 9c31a70eb..f76b42c99 100644 --- a/IkiWiki/Plugin/external.pm +++ b/IkiWiki/Plugin/external.pm @@ -20,7 +20,8 @@ sub import { #{{{ return unless defined $plugin; my ($plugin_read, $plugin_write); - my $pid = open2($plugin_read, $plugin_write, $plugin); + my $pid = open2($plugin_read, $plugin_write, + IkiWiki::possibly_foolish_untaint($plugin)); # open2 doesn't respect "use open ':utf8'" binmode($plugin_read, ':utf8'); |