You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2020/07/17 16:41:46 UTC
[whimsy] branch master updated: Untaint urls derived from
repository.yml
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 6d68443 Untaint urls derived from repository.yml
6d68443 is described below
commit 6d68443becf7bf0c50552c277afbdf5f13b7d5ce
Author: Sebb <se...@apache.org>
AuthorDate: Fri Jul 17 17:41:32 2020 +0100
Untaint urls derived from repository.yml
---
lib/whimsy/asf/svn.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/whimsy/asf/svn.rb b/lib/whimsy/asf/svn.rb
index 7e195b6..a56b55f 100644
--- a/lib/whimsy/asf/svn.rb
+++ b/lib/whimsy/asf/svn.rb
@@ -155,7 +155,7 @@ module ASF
# name - the nickname for the URL
# relpath - the relative path(s) to the file
def self.svnpath!(name,*relpath)
- base = self.svnurl!(name)
+ base = self.svnurl!(name).untaint # this should be OK
base = base + '/' unless base.end_with? '/'
endpart = [relpath].join('/').sub(%r{^/+},'').gsub(%r{/+},'/')
return base + endpart