You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@whimsical.apache.org by se...@apache.org on 2020/07/06 22:11:00 UTC

[whimsy] branch master updated: Try to fix Insecure operation

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 28181b5  Try to fix Insecure operation
28181b5 is described below

commit 28181b5aed7b263e3dc2e31a8356b2741e482e09
Author: Sebb <se...@apache.org>
AuthorDate: Mon Jul 6 23:10:50 2020 +0100

    Try to fix Insecure operation
---
 lib/whimsy/asf/svn.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/whimsy/asf/svn.rb b/lib/whimsy/asf/svn.rb
index 4f84c9e..a1d6625 100644
--- a/lib/whimsy/asf/svn.rb
+++ b/lib/whimsy/asf/svn.rb
@@ -663,7 +663,7 @@ module ASF
       tmpdir = temp ? temp : Dir.mktmpdir.untaint
 
       begin
-        cmdfile = Tempfile.new('svnmucc_input', tmpdir).untaint
+        cmdfile = Tempfile.new('svnmucc_input', tmpdir)
         # add the commands
         commands.each do |cmd|
           raise ArgumentError.new 'command entries must be an array' unless Array === cmd
@@ -713,7 +713,7 @@ module ASF
           end
         end
       ensure
-        File.delete cmdfile # always drop the command file
+        File.delete cmdfile.path.untaint # always drop the command file
         FileUtils.rm_rf tmpdir unless temp
       end
     end