* In mercurial backend, untaint ipaddr when using it as the user for the

  commit. Thanks, Alexander Wirt. Closes: #420428

diff --git a/IkiWiki/Rcs/mercurial.pm b/IkiWiki/Rcs/mercurial.pm
index 84bf99c687d95cd0f956343b0bffeca1bacfd13a..2e15085ecca097c518b3525297833a10ada82c99 100644 (file)
--- a/IkiWiki/Rcs/mercurial.pm
+++ b/IkiWiki/Rcs/mercurial.pm
@@ -72,7 +72,7 @@ sub rcs_commit ($$$;$$) { #{{{
                $user = possibly_foolish_untaint($user);
        }
        elsif (defined $ipaddr) {
-               $user = "Anonymous from $ipaddr";
+               $user = "Anonymous from ".possibly_foolish_untaint($ipaddr);
        }
        else {
                $user = "Anonymous";

diff --git a/debian/changelog b/debian/changelog
index 3bc1d5086b1d71e315477c55ac40b9f94f032bf5..e4b0fc75fbcfb0598a2a4a6d1851a50ea52bc783 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,10 @@ ikiwiki (1.51) UNRELEASED; urgency=low
   * Support setting svnpath to "" for wikis that are rooted at the top of
     their svn repositories, with no trunk directory.
   * Minor template improvements by Alessandro.
+  * In mercurial backend, untaint ipaddr when using it as the user for the
+    commit. Thanks, Alexander Wirt. Closes: #420428
 
- -- Joey Hess <joeyh@debian.org>  Wed, 18 Apr 2007 19:35:29 -0400
+ -- Joey Hess <joeyh@debian.org>  Sun, 22 Apr 2007 13:43:49 -0400
 
 ikiwiki (1.50) unstable; urgency=low