https://bugs.koozali.org/show_bug.cgi?id=11742

--- Comment #1 from Jean-Philippe Pialasse <[email protected]> ---
in /usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm


sub performCreateClient
    ($info) = $info =~ /([A-Za-z0-9_-]+)/;

$info is sent to an event, so it needs to be untainted.

This shows me that I forgot to untaint it for the modify.

However, we could add the space in the regex and put quotes around:
 unless ( system ("/sbin/e-smith/signal-event", "wireguard-user-create",
"$username" , "'$info'") == 0 ){



sub performModifyClient{

    my $info = $q->param('info');


should ideally also be untainted, as I said earlier; also, all strings should be
checked.

Could give it a try.
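
The untaint step discussed in this comment, as an added example in Perl (not code from wireguard.pm or the project): it validates the info field against an anchored allow-list that includes the space, and passes it through list-form system(), which does not invoke a shell, so each list element arrives as one argument. The helper names untaint_info and event_args, the 64-character limit, the user name and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from wireguard.pm): validate and untaint the
# free-text "info" field. The pattern is anchored with \A and \z, so a value
# containing a disallowed character is rejected as a whole; an unanchored
# capture would instead keep only the first run of allowed characters.
sub untaint_info {
    my ($raw) = @_;
    return unless defined $raw;
    # Allow-list: letters, digits, underscore, hyphen and the space character.
    # The 64-character limit is an assumption of this example.
    my ($clean) = $raw =~ /\A([A-Za-z0-9_ -]{1,64})\z/;
    return $clean;    # undef when the value does not match
}

# Hypothetical helper: build the argument list for the event. List-form
# system() hands each element to the program as one argv entry without a
# shell, so a value with an embedded space needs no extra quoting.
sub event_args {
    my ($username, $info) = @_;
    return ("/sbin/e-smith/signal-event", "wireguard-user-create",
            $username, $info);
}

# Constructed sample inputs, not taken from the bug report.
for my $raw ("laptop", "Jean laptop", "phone; reboot", "bad\nline", "") {
    my $info = untaint_info($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible when printed
    if (defined $info) {
        my @cmd = event_args("jdoe", $info);    # "jdoe" is a constructed user name
        printf "accept %-16s -> argv[3] = [%s]\n", "'$shown'", $cmd[3];
        # On a real server the event would be raised with:
        # system(@cmd) == 0 or warn "signal-event failed: $?";
    }
    else {
        printf "reject %-16s\n", "'$shown'";
    }
}
```

Under taint mode (perl -T), the value captured by the regex is what counts as untainted; the same helper can be called from both performCreateClient and performModifyClient.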
