| commit | 5ba386aede189ce22f900fd9548d3135e46bd7ff | |
| author | Heikki Hokkanen <hoxu@users.sf.net> | |
| Sat, 21 Dec 2013 13:04:04 +0000 (21 15:04 +0200) | ||
| committer | Heikki Hokkanen <hoxu@users.sf.net> | |
| Sat, 21 Dec 2013 13:04:04 +0000 (21 15:04 +0200) | ||
| tree | 953e362b204352be2a1718a4c8fbc0e56273b4c9 | treesnapshot (tar.gz zip) |
| parent | a664c2eb6b6150acec2a99be95c94d7912563732 | commitdiff |
Remove backticks from author names passed to gnuplot.
Without this, author names containing `touch /tmp/vulnerable` would cause said
file to appear after generating statistics for the given repository.
This is not an optimal solution. Instead of blacklisting characters we should
either whitelist some, or find a safe escape mechanism for gnuplot.
Without this, author names containing `touch /tmp/vulnerable` would cause said
file to appear after generating statistics for the given repository.
This is not an optimal solution. Instead of blacklisting characters we should
either whitelist some, or find a safe escape mechanism for gnuplot.
| gitstats | diffblobblamehistory |