You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@whimsical.apache.org by se...@apache.org on 2020/07/06 20:43:18 UTC

[whimsy] branch master updated: Ensure env auth is untainted

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 9ac18f8  Ensure env auth is untainted
9ac18f8 is described below

commit 9ac18f858f96c8b960e7cfa6288ce76ce556e0d0
Author: Sebb <se...@apache.org>
AuthorDate: Mon Jul 6 21:43:09 2020 +0100

    Ensure env auth is untainted
---
 lib/whimsy/asf/rack.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/whimsy/asf/rack.rb b/lib/whimsy/asf/rack.rb
index 78e2937..887a796 100644
--- a/lib/whimsy/asf/rack.rb
+++ b/lib/whimsy/asf/rack.rb
@@ -20,6 +20,8 @@ module ASF
         env.user, env.password = Base64.
           decode64(auth[/^Basic ([A-Za-z0-9+\/=]+)$/,1].to_s).split(':',2)
       end
+      env.user.untaint
+      env.password.untaint
 
       env['REMOTE_USER'] ||= env.user