[whimsy] branch master updated: more untaints

[ru...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 8ff2a0c  more untaints
8ff2a0c is described below

commit 8ff2a0ca0f13a1452c6d8649033bded63d83092e
Author: Sam Ruby <ru...@intertwingly.net>
AuthorDate: Mon Oct 23 14:02:09 2017 -0400

    more untaints
---
 www/test/icla/views/actions/validate.json.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/www/test/icla/views/actions/validate.json.rb b/www/test/icla/views/actions/validate.json.rb
index 63b9d6c..d6bf07b 100644
--- a/www/test/icla/views/actions/validate.json.rb
+++ b/www/test/icla/views/actions/validate.json.rb
@@ -24,12 +24,12 @@ if @votelink and not @votelink.empty?
   # attempt to fetch the page
   if @votelink =~ /^https?:/i
     uri = URI.parse(@votelink)
-    http = Net::HTTP.new(uri.host, uri.port)
+    http = Net::HTTP.new(uri.host.untaint, uri.port)
     if uri.scheme == 'https'
       http.use_ssl = true
       http.verify_mode = OpenSSL::SSL::VERIFY_NONE 
     end
-    request = Net::HTTP::Get.new(uri.request_uri)
+    request = Net::HTTP::Get.new(uri.request_uri.untaint)
     response = http.request(request)
     unless response.code.to_i < 400
       _error "HTTP status #{response.code} for #{@votelink}"

-- 
To stop receiving notification emails like this one, please contact
['"commits@whimsical.apache.org" <co...@whimsical.apache.org>'].