From 2283a5a231b301b01f3c43a20853b4ee41a5582c Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sat, 28 Sep 2019 14:30:19 +0200 Subject: Helper: Remove untaint_archive_name We no longer need a special whitelist for archive names since the database no longer uses them as column keys. We still need to untaint variables that are passed to DBI so we use untaint() for this now. We also move the location of the untaint call closer to its usage with DBI/system() to prevent untainted data from leaking elsewhere. Fixes #4 Signed-off-by: Florian Pritz --- lib/App/BorgRestore.pm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/App/BorgRestore.pm') diff --git a/lib/App/BorgRestore.pm b/lib/App/BorgRestore.pm index afbe918..2ae0a09 100644 --- a/lib/App/BorgRestore.pm +++ b/lib/App/BorgRestore.pm @@ -329,7 +329,6 @@ process during method execution since this is required by C<`borg extract`>. method restore($path, $archive, $destination) { $destination = App::BorgRestore::Helper::untaint($destination, qr(.*)); $path = App::BorgRestore::Helper::untaint($path, qr(.*)); - my $archive_name = App::BorgRestore::Helper::untaint_archive_name($archive->{archive}); $log->infof("Restoring %s to %s from archive %s", $path, $destination, $archive->{archive}); @@ -346,7 +345,7 @@ method restore($path, $archive, $destination) { $final_destination = App::BorgRestore::Helper::untaint($final_destination, qr(.*)); $log->debugf("Removing %s", $final_destination); File::Path::remove_tree($final_destination); - $self->{deps}->{borg}->restore($components_to_strip, $archive_name, $path); + $self->{deps}->{borg}->restore($components_to_strip, $archive->{archive}, $path); } $log->debugf("CWD is %s", getcwd()); } -- cgit v1.2.3-24-g4f1b