This is an automated email from the ASF dual-hosted git repository.
rubys pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new ca6dc9b untaint path
ca6dc9b is described below
commit ca6dc9b5efaa8b252f9852c43b6fced00403612c
Author: Sam Ruby <[email protected]>
AuthorDate: Mon Oct 23 18:08:12 2017 -0400
untaint path
---
www/secretary/workbench/views/actions/check-signature.json.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/secretary/workbench/views/actions/check-signature.json.rb
b/www/secretary/workbench/views/actions/check-signature.json.rb
index 920f306..52179ec 100644
--- a/www/secretary/workbench/views/actions/check-signature.json.rb
+++ b/www/secretary/workbench/views/actions/check-signature.json.rb
@@ -16,7 +16,7 @@ begin
gpg = `which gpg`.chomp if gpg.empty?
# run gpg verify command
- out, err, rc = Open3.capture3 gpg, '--verify', signature.path,
+ out, err, rc = Open3.capture3 gpg.untaint, '--verify', signature.path,
attachment.path
# if key is not found, fetch and try again
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
