This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 785aeeb Try untainting whole param
785aeeb is described below
commit 785aeeb40b4bb242c9d2314b727e620c8139081a
Author: Sebb <[email protected]>
AuthorDate: Fri Jan 17 18:32:38 2020 +0000
Try untainting whole param
---
lib/whimsy/asf/ldap.rb | 5 +++++
www/secretary/workbench/views/actions/icla2.json.rb | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/whimsy/asf/ldap.rb b/lib/whimsy/asf/ldap.rb
index f0e4969..0955617 100644
--- a/lib/whimsy/asf/ldap.rb
+++ b/lib/whimsy/asf/ldap.rb
@@ -361,6 +361,11 @@ module ASF
object.instance_variable_set(attr, WeakRef.new(value))
end
+if object == self
+ puts "Save #{attr} #{object}"
+else
+ puts "Nosave #{attr} #{object}"
+end
# keep track of which weak references are saved
@@weakrefs << attr if object == self
end
diff --git a/www/secretary/workbench/views/actions/icla2.json.rb
b/www/secretary/workbench/views/actions/icla2.json.rb
index 30b3280..1d0a006 100644
--- a/www/secretary/workbench/views/actions/icla2.json.rb
+++ b/www/secretary/workbench/views/actions/icla2.json.rb
@@ -69,7 +69,7 @@ end
# - calling .max on an empty array returns nil. Treat it as one as there
# is an existing document that will be moved into this directory.
# - If all else fails, set count to "N"
-count = (Array(ASF::SVN.list(ASF::SVN.svnurl('iclas') + '/' +
@filename.untaint)).
+count = (Array(ASF::SVN.list((ASF::SVN.svnurl('iclas') + '/' +
@filename).untaint)).
first.to_s.split.
map {|name| name[/.*(\d+)\./, 1] || 1}.
map(&:to_i).max || 1) + 1 rescue 'N'
