You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2020/07/16 10:15:28 UTC
[whimsy] branch master updated: Prevent security error in
multiUpdate
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new c40d21c Prevent security error in multiUpdate
c40d21c is described below
commit c40d21ccbbeca7e3b4e4907421853400c6e32f06
Author: Sebb <se...@apache.org>
AuthorDate: Thu Jul 16 11:15:15 2020 +0100
Prevent security error in multiUpdate
---
www/board/agenda/views/actions/publish.json.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/board/agenda/views/actions/publish.json.rb b/www/board/agenda/views/actions/publish.json.rb
index ec1e8d3..812a090 100755
--- a/www/board/agenda/views/actions/publish.json.rb
+++ b/www/board/agenda/views/actions/publish.json.rb
@@ -68,7 +68,7 @@ ASF::SVN.update MINUTES, @message, env, _ do |tmpdir|
end
# Update the Calendar from SVN
-ASF::SVN.multiUpdate_ ASF::SVN.svnpath!('site-board', 'calendar.mdtext' ), @message, env, _ do |calendar|
+ASF::SVN.multiUpdate_ ASF::SVN.svnpath!('site-board', 'calendar.mdtext' ).untaint, @message, env, _ do |calendar|
# add year header
unless calendar.include? "##{year}"
calendar[/^()#.*Board meeting minutes #/,1] =