You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@whimsical.apache.org by ru...@apache.org on 2018/03/05 23:18:17 UTC

[whimsy] branch master updated: Fix SecurityError: tainted from_addr

This is an automated email from the ASF dual-hosted git repository.

rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 76246bb  Fix SecurityError: tainted from_addr
76246bb is described below

commit 76246bb21386ba56b1a508cd4eb7e71208beade8
Author: Sam Ruby <ru...@intertwingly.net>
AuthorDate: Mon Mar 5 18:18:01 2018 -0500

    Fix SecurityError: tainted from_addr
---
 www/secretary/workbench/personalize.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/secretary/workbench/personalize.rb b/www/secretary/workbench/personalize.rb
index dae98e8..c451adb 100644
--- a/www/secretary/workbench/personalize.rb
+++ b/www/secretary/workbench/personalize.rb
@@ -24,7 +24,7 @@ class Wunderbar::JsonBuilder
 
       person = ASF::Person.find(user)
 
-      @from = "#{person.public_name} <#{...@apache.org>"
+      @from = "#{person.public_name} <#{...@apache.org>".untaint
       @sig = %{
         -- #{person.public_name}
         Apache Software Foundation Secretarial Team

-- 
To stop receiving notification emails like this one, please contact
rubys@apache.org.