From ec60a064cdd8a2eec93f0d1312209f42aca88e38 Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Sun, 22 Jan 2017 17:02:00 +0100
Subject: borg-restore.pl: Use taint mode with DBI

Signed-off-by: Florian Pritz
---
 borg-restore.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/borg-restore.pl b/borg-restore.pl
index b16a0d2..04385c2 100755
--- a/borg-restore.pl
+++ b/borg-restore.pl
@@ -598,7 +598,7 @@ sub _open_db {
 my $self = shift;
 my $dbfile = shift;
- $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","","", {RaiseError => 1});
+ $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","","", {RaiseError => 1, Taint => 1});
 $self->{dbh}->do("PRAGMA cache_size=-1024000");
 $self->{dbh}->do("PRAGMA strict=ON");
 }
@@ -708,7 +708,7 @@ sub get_archives_for_path {
 my $path = shift;
 my $st = $self->{dbh}->prepare('select * from `files` where `path` = ?;');
- $st->execute($path);
+ $st->execute(untaint($path, qr(.*)));
 my @ret;
-- cgit v1.2.3-24-g4f1b
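Review bot: `Taint => 1` on the `DBI->connect` call in `_open_db` only takes effect when the interpreter itself runs in taint mode, and nothing in this hunk shows `-T` on the shebang, so confirm the script is started that way; otherwise the attribute is silently inert. Because `Taint` switches on both input and output checking, every value later fetched through `$self->{dbh}` comes back tainted, which deserves a comment above the call such as `# Taint => 1 (TaintIn + TaintOut) needs perl -T; fetched rows are tainted and must be validated before use in commands or paths`. `$dbfile` is interpolated straight into the DSN string, so a short note on where that path comes from would help a reader judge it. The `sub _open_db {` line sits just above the hunk.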
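Review bot: `untaint($path, qr(.*))` in `get_archives_for_path` accepts any input, so it clears the taint flag without validating anything, and a reader scanning for untaint calls will assume `$path` has been checked. The bound placeholder is what keeps this query safe, so the call should say so in a comment, e.g. `# $path is only bound to the placeholder, never interpolated; untaint here just satisfies DBI's TaintIn check`. `untaint` is defined outside this hunk; if it anchors the pattern without `/s`, a path containing a newline would be rejected or lose a trailing newline, so `qr(.*)s` may be what is intended. The body of `get_archives_for_path` continues past the end of the hunk.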