From 3b1a369795c72ee0d42fdeaa1c71cd97a3685954 Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Thu, 28 Feb 2008 15:25:08 +0000
Subject: Globally untaint ULTRAHOME as it is generated in a safe way

---
 auto_prepend.php | 3 +++
 it.class         | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/auto_prepend.php b/auto_prepend.php
index 8955371..d382306 100644
--- a/auto_prepend.php
+++ b/auto_prepend.php
@@ -176,4 +176,7 @@ else
 	function it_taintcheck($value, $marks = 0) { return $value; }
 }
 
+# ULTRAHOME is generated in a safe way
+$GLOBALS['ULTRAHOME'] = it_untaint($GLOBALS['ULTRAHOME'], TC_ALL);
+
 ?>
diff --git a/it.class b/it.class
index 2a6fe35..083ca51 100644
--- a/it.class
+++ b/it.class
@@ -82,7 +82,7 @@ function log($name /* ... */)
 {
 	$args = func_get_args();
 	$line = date("Y-m-d H:i:s") . "\t" . implode("\t", array_slice($args, 1)) . "\n";
-	$fn = it_untaint($GLOBALS['ULTRAHOME'], TC_SELF) . "/log/$name-" . date('Ymd');
+	$fn = $GLOBALS['ULTRAHOME'] . "/log/$name-" . date('Ymd');
 
 	$existed = file_exists($fn);
 
-- 
cgit v1.2.3