diff options
author | Florian Pritz <bluewind@xinu.at> | 2017-02-19 10:47:05 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2017-02-19 10:47:05 +0100 |
commit | 249d331c3c4d43d491e22614edd164906ca25df2 (patch) | |
tree | d1ee6cffdb47a1bf4ae8166ec9b1244edb8a1cf9 | |
parent | a3738060b31983d903997ea95630d480c2418263 (diff) | |
download | bin-249d331c3c4d43d491e22614edd164906ca25df2.tar.gz bin-249d331c3c4d43d491e22614edd164906ca25df2.tar.xz |
borg-restore.pl: Untaint archive name in restore()
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rwxr-xr-x | borg-restore.pl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/borg-restore.pl b/borg-restore.pl index 5479ba4..5ac2682 100755 --- a/borg-restore.pl +++ b/borg-restore.pl @@ -256,6 +256,7 @@ sub restore { $destination = untaint($destination, qr(.*)); $path = untaint($path, qr(.*)); + my $archive_name = untaint($archive->{archive}, qr([a-zA-Z0-9-]+)); printf "Restoring %s to %s from archive %s\n", $path, $destination, $archive->{archive}; @@ -271,7 +272,7 @@ sub restore { $final_destination = untaint($final_destination, qr(.*)); debug("Removing ".$final_destination); File::Path::remove_tree($final_destination); - system(qw(borg extract -v --strip-components), $components_to_strip, "::".$archive->{archive}, $path); + system(qw(borg extract -v --strip-components), $components_to_strip, "::".$archive_name, $path); } sub get_cache_dir { |