You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2020/07/06 22:11:00 UTC
[whimsy] branch master updated: Try to fix Insecure operation
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 28181b5 Try to fix Insecure operation
28181b5 is described below
commit 28181b5aed7b263e3dc2e31a8356b2741e482e09
Author: Sebb <se...@apache.org>
AuthorDate: Mon Jul 6 23:10:50 2020 +0100
Try to fix Insecure operation
---
lib/whimsy/asf/svn.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/whimsy/asf/svn.rb b/lib/whimsy/asf/svn.rb
index 4f84c9e..a1d6625 100644
--- a/lib/whimsy/asf/svn.rb
+++ b/lib/whimsy/asf/svn.rb
@@ -663,7 +663,7 @@ module ASF
tmpdir = temp ? temp : Dir.mktmpdir.untaint
begin
- cmdfile = Tempfile.new('svnmucc_input', tmpdir).untaint
+ cmdfile = Tempfile.new('svnmucc_input', tmpdir)
# add the commands
commands.each do |cmd|
raise ArgumentError.new 'command entries must be an array' unless Array === cmd
@@ -713,7 +713,7 @@ module ASF
end
end
ensure
- File.delete cmdfile # always drop the command file
+ File.delete cmdfile.path.untaint # always drop the command file
FileUtils.rm_rf tmpdir unless temp
end
end