Globally untaint ULTRAHOME as it is generated in a safe way

author: Christian Schneider 2008-02-28 15:25:08 +0000
committer: Christian Schneider 2008-02-28 15:25:08 +0000
commit: 3b1a369795c72ee0d42fdeaa1c71cd97a3685954 (patch)
tree: 5659a1424760cefe9eb531b72c5e9c2a380a66dd
parent: ec3e1ea1ef5bad7208eae3da037264bf4d592186 (diff)
download: itools-3b1a369795c72ee0d42fdeaa1c71cd97a3685954.tar.gz
itools-3b1a369795c72ee0d42fdeaa1c71cd97a3685954.tar.bz2
itools-3b1a369795c72ee0d42fdeaa1c71cd97a3685954.zip
2 files changed, 4 insertions, 1 deletions
diff --git a/auto_prepend.php b/auto_prepend.php
index 8955371..d382306 100644
--- a/auto_prepend.php
+++ b/auto_prepend.php
@@ -176,4 +176,7 @@ else
 	function it_taintcheck($value, $marks = 0) { return $value; }
 }
 
+# ULTRAHOME is generated in a safe way
+$GLOBALS['ULTRAHOME'] = it_untaint($GLOBALS['ULTRAHOME'], TC_ALL);
+
 ?>
diff --git a/it.class b/it.class
index 2a6fe35..083ca51 100644
--- a/it.class
+++ b/it.class
@@ -82,7 +82,7 @@ function log($name /* ... */)
 {
 	$args = func_get_args();
 	$line = date("Y-m-d H:i:s") . "\t" . implode("\t", array_slice($args, 1)) . "\n";
-	$fn = it_untaint($GLOBALS['ULTRAHOME'], TC_SELF) . "/log/$name-" . date('Ymd');
+	$fn = $GLOBALS['ULTRAHOME'] . "/log/$name-" . date('Ymd');
 
 	$existed = file_exists($fn);
author	Christian Schneider	2008-02-28 15:25:08 +0000
committer	Christian Schneider	2008-02-28 15:25:08 +0000
commit	3b1a369795c72ee0d42fdeaa1c71cd97a3685954 (patch)
tree	5659a1424760cefe9eb531b72c5e9c2a380a66dd
parent	ec3e1ea1ef5bad7208eae3da037264bf4d592186 (diff)
download	itools-3b1a369795c72ee0d42fdeaa1c71cd97a3685954.tar.gz itools-3b1a369795c72ee0d42fdeaa1c71cd97a3685954.tar.bz2 itools-3b1a369795c72ee0d42fdeaa1c71cd97a3685954.zip