authorFlorian Pritz <bluewind@xinu.at>2019-09-28 14:30:19 +0200
committerFlorian Pritz <bluewind@xinu.at>2019-09-28 15:25:57 +0200
commit2283a5a231b301b01f3c43a20853b4ee41a5582c (patch)
treec1d449356a37f29551ff85c09d0bb48f4b748985 /lib/App/BorgRestore/DB.pm
parent4eaf6823cbf2c2d332b317e6f6f755b23b6a1d1f (diff)
Helper: Remove untaint_archive_name
We no longer need a special whitelist for archive names since the database no longer uses them as column keys. We still need to untaint variables that are passed to DBI so we use untaint() for this now. We also move the location of the untaint call closer to its usage with DBI/system() to prevent untainted data from leaking elsewhere. Fixes #4 Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'lib/App/BorgRestore/DB.pm')
-rw-r--r--lib/App/BorgRestore/DB.pm8
1 files changed, 2 insertions, 6 deletions
diff --git a/lib/App/BorgRestore/DB.pm b/lib/App/BorgRestore/DB.pm
index fe85c4d..cb51ce1 100644
--- a/lib/App/BorgRestore/DB.pm
+++ b/lib/App/BorgRestore/DB.pm
@@ -125,10 +125,8 @@ method get_archive_row_count() {
}
method add_archive_name($archive) {
- $archive = App::BorgRestore::Helper::untaint_archive_name($archive);
-
my $st = $self->{dbh}->prepare('insert into `archives` (`archive_name`) values (?);');
- $st->execute($archive);
+ $st->execute(App::BorgRestore::Helper::untaint($archive, qr(.*)));
$self->_add_column_to_table("files", $archive);
}
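Review bot: `qr(.*)` in the new `execute` call in `add_archive_name` accepts every value, so this is a blanket untaint rather than validation, and nothing next to the call says why that is acceptable; the delete statement in the later `remove_archive` hunk has the same call. It is defensible here because the value only reaches DBI as a bound `?` parameter, so I would record that at both sites, e.g. `# blanket untaint is fine: value is only bound as a placeholder, never interpolated into SQL`. Note also that `.` without `/s` stops at a newline, so depending on how `untaint` (not visible here) anchors the pattern, a name containing one would be rejected or truncated; `qr(.*)s` may be what is intended. Separately, `_add_column_to_table("files", $archive)` still receives the raw name now that the whitelist is gone, and its body is outside the hunk, so it is worth confirming that it no longer builds an SQL identifier from `$column`.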
@@ -139,8 +137,6 @@ method _add_column_to_table($table, $column) {
}
method remove_archive($archive) {
- $archive = App::BorgRestore::Helper::untaint_archive_name($archive);
-
my $archive_id = $self->get_archive_id($archive);
my @keep_archives = grep {$_ ne $archive;} @{$self->get_archive_names()};
@@ -172,7 +168,7 @@ method remove_archive($archive) {
}
my $st = $self->{dbh}->prepare('delete from `archives` where `archive_name` = ?;');
- $st->execute($archive);
+ $st->execute(App::BorgRestore::Helper::untaint($archive, qr(.*)));
}
method get_archive_id($archive) {