From 1e62d2bc0c3c5ff0ab52dfdfe82c8abbcb5b6c3a Mon Sep 17 00:00:00 2001
From: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Date: Sun, 22 Apr 2007 17:45:39 +0000
Subject: * In mercurial backend, untaint ipaddr when using it as the user for
 the   commit. Thanks, Alexander Wirt. Closes: #420428

---
 IkiWiki/Rcs/mercurial.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'IkiWiki/Rcs')

diff --git a/IkiWiki/Rcs/mercurial.pm b/IkiWiki/Rcs/mercurial.pm
index 84bf99c68..2e15085ec 100644
--- a/IkiWiki/Rcs/mercurial.pm
+++ b/IkiWiki/Rcs/mercurial.pm
@@ -72,7 +72,7 @@ sub rcs_commit ($$$;$$) { #{{{
 		$user = possibly_foolish_untaint($user);
 	}
 	elsif (defined $ipaddr) {
-		$user = "Anonymous from $ipaddr";
+		$user = "Anonymous from ".possibly_foolish_untaint($ipaddr);
 	}
 	else {
 		$user = "Anonymous";
-- 
cgit v1.2.3