summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2017-02-19 10:47:05 +0100
committerFlorian Pritz <bluewind@xinu.at>2017-02-19 10:47:05 +0100
commit249d331c3c4d43d491e22614edd164906ca25df2 (patch)
treed1ee6cffdb47a1bf4ae8166ec9b1244edb8a1cf9
parenta3738060b31983d903997ea95630d480c2418263 (diff)
downloadbin-249d331c3c4d43d491e22614edd164906ca25df2.tar.gz
bin-249d331c3c4d43d491e22614edd164906ca25df2.tar.xz
borg-restore.pl: Untaint archive name in restore()
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rwxr-xr-xborg-restore.pl3
1 files changed, 2 insertions, 1 deletions
diff --git a/borg-restore.pl b/borg-restore.pl
index 5479ba4..5ac2682 100755
--- a/borg-restore.pl
+++ b/borg-restore.pl
@@ -256,6 +256,7 @@ sub restore {
$destination = untaint($destination, qr(.*));
$path = untaint($path, qr(.*));
+ my $archive_name = untaint($archive->{archive}, qr([a-zA-Z0-9-]+));
printf "Restoring %s to %s from archive %s\n", $path, $destination, $archive->{archive};
@@ -271,7 +272,7 @@ sub restore {
$final_destination = untaint($final_destination, qr(.*));
debug("Removing ".$final_destination);
File::Path::remove_tree($final_destination);
- system(qw(borg extract -v --strip-components), $components_to_strip, "::".$archive->{archive}, $path);
+ system(qw(borg extract -v --strip-components), $components_to_strip, "::".$archive_name, $path);
}
sub get_cache_dir {