btrbk: make safe_commands more restrictive

pull/504/merge
Axel Burri 2022-11-20 10:35:34 +01:00
parent 7a4a54db97
commit 7ad4ebe0af
1 changed files with 4 additions and 1 deletions

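--- a/btrbk
+++ b/btrbk
@@ -806,7 +806,6 @@ sub _safe_cmd($;$)
 # NOTE: all files must be absolute
 if($offending) {
 push @$offending, $_ unless(defined(check_file($_, { absolute => 1 })));
-push @$offending, $_ unless(!$safe_commands || /^($safe_file_match)$/);
 }
 $_ = $prefix . quoteshell($_) . $postfix;
 }
@@ -3787,6 +3786,10 @@ sub check_file($$;@)
 ERROR "Illegal leading/trailing whitespace ${error_statement}: \"$file\"" if(defined($error_statement));
 return undef;
 }
+if($safe_commands && $file !~ /^$safe_file_match$/) {
+ERROR "Invalid file name (restricted by \"safe_commands\" option) ${error_statement}: \"$file\"" if(defined($error_statement));
+return undef;
+}
 return $file;
 }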
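Review bot: The new allowlist test in check_file, `$file !~ /^$safe_file_match$/`, drops the grouping parentheses that the removed line in _safe_cmd had, and it anchors with `$`, which also matches before a trailing newline. If `$safe_file_match` (defined outside this hunk) is a `qr//` object the interpolation is grouped anyway, but if it is a plain string containing a top-level `|` the anchors would bind only to the outer alternatives and the restriction would be looser than intended. A trailing newline is probably already rejected by the whitespace check just above, whose condition is not visible here. Writing the test as `if($safe_commands && $file !~ /\A(?:$safe_file_match)\z/) {` makes it independent of both assumptions. check_file starts outside the hunk.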