Item11458: Untaint the htpasswd file location
This is causing a taint error if the location or name of .htpasswd or
the lock file are changed.  Since this is admin only, untainting without
any checks.

git-svn-id: http://svn.foswiki.org/trunk@14288 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
GeorgeClark authored and GeorgeClark committed Mar 11, 2012
1 parent 93350b2 commit f6a64f9
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions core/lib/Foswiki/Configure/Checkers/Htpasswd/FileName.pm
Expand Up @@ -23,6 +23,8 @@ sub check {
my $f = $Foswiki::cfg{Htpasswd}{FileName};
Foswiki::Configure::Load::expandValue($f);

($f) = $f =~ m/(.*)/; # Untaint needed to prevent a failure.

unless ( -e $f ) {

# password file does not exist; check it can be created
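Review bot: the untaint pattern on the added line `($f) = $f =~ m/(.*)/;` has no `/s` modifier, so `.` stops at the first newline and a value containing one is silently truncated; the `-e $f` test that follows then checks a different path from the one configured. If the intent is to accept the value unchanged, `m/^(.*)$/s` does that. Better still, match only the characters expected in a file path and return a checker error when the match fails, so the untaint doubles as validation. The match also runs after `expandValue($f)`, so whatever that expansion substitutes in is untainted along with the configured value.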
2 changes: 2 additions & 0 deletions core/lib/Foswiki/Configure/Checkers/Htpasswd/LockFileName.pm
Expand Up @@ -23,6 +23,8 @@ sub check {
my $f = $Foswiki::cfg{Htpasswd}{LockFileName};
Foswiki::Configure::Load::expandValue($f);

($f) = $f =~ m/(.*)/; # Untaint needed to prevent a failure.

unless ( -e $f ) {

# lock file does not exist; check it can be created
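Review bot: the comment `# Untaint needed to prevent a failure.` on the added line does not say which operation fails under taint mode or why an unchecked untaint is acceptable here; the reasoning given in the commit message (the setting is admin only) belongs next to the code. The same two lines are now duplicated in FileName.pm and LockFileName.pm, so moving them into one shared helper would keep any later tightening of the pattern consistent across both checkers.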
