* In mercurial backend, untaint ipaddr when using it as the user for the
[ikiwiki.git] / IkiWiki / Rcs / mercurial.pm
index 84bf99c687d95cd0f956343b0bffeca1bacfd13a..2e15085ecca097c518b3525297833a10ada82c99 100644 (file)
@@ -72,7 +72,7 @@ sub rcs_commit ($$$;$$) { #{{{
                $user = possibly_foolish_untaint($user);
        }
        elsif (defined $ipaddr) {
-               $user = "Anonymous from $ipaddr";
+               $user = "Anonymous from ".possibly_foolish_untaint($ipaddr);
        }
        else {
                $user = "Anonymous";