diff options
| author | D German <dmg@uvic.ca> | 2017-03-26 15:32:58 -0700 |
|---|---|---|
| committer | D German <dmg@uvic.ca> | 2017-03-26 15:32:58 -0700 |
| commit | 75fb67c36a1c4dcec6b9b2c4e7102a1000066c4f (patch) | |
| tree | 6bcdcd46970510696ca6bdf3b9e7e709c71c3676 /lib/Ninka/CommentExtractor.pm | |
| parent | 5178cd486efc619c68aeedc7988c58940ccef645 (diff) | |
| download | ninka-75fb67c36a1c4dcec6b9b2c4e7102a1000066c4f.tar.gz | |
Avoid execution of files that include & in the filename
Diffstat (limited to 'lib/Ninka/CommentExtractor.pm')
| -rw-r--r-- | lib/Ninka/CommentExtractor.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/Ninka/CommentExtractor.pm b/lib/Ninka/CommentExtractor.pm index 8a2e66f..c01d91f 100644 --- a/lib/Ninka/CommentExtractor.pm +++ b/lib/Ninka/CommentExtractor.pm @@ -66,6 +66,10 @@ sub create_head_cmd { sub execute_command { my ($command) = @_; + if ($command =~ /&/) { + die "illegal file name in command to be executed [$command]"; + } + my ($child_in, $child_out, $child_err); $child_err = gensym(); my $pid = open3($child_in, $child_out, $child_err, $command); |