From 8d39350677660d114502ceb48bd067c74339ece3 Mon Sep 17 00:00:00 2001
From: Benjamin Kellermann
Date: Mon, 8 Jun 2009 11:17:32 +0200
Subject: Security bugfix: bzr.rb could be exploited
---
 bzr.rb | 4 ++--
 config.cgi | 7 +------
 participate.rb | 2 +-
 3 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/bzr.rb b/bzr.rb
index cd1fe20..c3f4190 100644
--- a/bzr.rb
+++ b/bzr.rb
@@ -13,7 +13,7 @@ class VCS
 end
 def VCS.cat revision, file
- `#{BZRCMD} cat -r #{revision} #{file}`
+ `#{BZRCMD} cat -r #{revision.to_i} #{file}`
 end
 def VCS.history
@@ -21,6 +21,6 @@ class VCS
 end
 def VCS.commit comment
- `#{BZRCMD} commit -m '#{comment}'`
+ `#{BZRCMD} commit -m \"#{comment}\"`
 end
 end
diff --git a/config.cgi b/config.cgi
index ec16bdb..107e2a6 100755
--- a/config.cgi
+++ b/config.cgi
@@ -33,12 +33,7 @@ require "poll"
 require "datepoll"
 Dir.chdir(olddir)
-if $cgi.include?("revision")
-REVISION=$cgi["revision"].to_i
-table = YAML::load(VCS.cat(REVISION, "data.yaml"))
-else
-table = YAML::load_file("data.yaml")
-end
+table = YAML::load_file("data.yaml")
 $htmlout = <
diff --git a/participate.rb b/participate.rb
index 744f157..2fd057e 100644
--- a/participate.rb
+++ b/participate.rb
@@ -11,7 +11,7 @@ require "datepoll"
 Dir.chdir(olddir)
 if $cgi.include?("revision")
-REVISION=$cgi["revision"].to_i
+REVISION=$cgi["revision"]
 table = YAML::load(VCS.cat(REVISION, "data.yaml"))
 else
 table = YAML::load_file("data.yaml")
--
cgit v1.2.3
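Review bot: `revision.to_i` neutralises the revision argument, but `file` on the same line of VCS.cat is still interpolated unquoted into the backtick command, so the method is only safe while every caller passes a trusted literal — both callers visible in this patch do pass `"data.yaml"`, and that contract should be written down, e.g. `# file is not shell-escaped; callers must pass a trusted literal, never user input`. Note also that `to_i` maps any non-numeric input to 0 rather than rejecting it, so a malformed revision silently becomes `cat -r 0`; `Integer(revision)` would raise instead, which may be the better failure mode depending on how the caller reports errors. The VCS class continues outside this hunk.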
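Review bot: Switching the `-m` argument of VCS.commit from single to double quotes does not close the injection: inside double quotes the shell still performs `$`, backtick and backslash expansion, and a `"` in comment terminates the quoted string, so the new line is as exploitable as the old one. The robust fix is to not involve a shell at all and pass the arguments as a list, e.g. `system(BZRCMD, "commit", "-m", comment)` (multi-argument `system` execs directly), or `IO.popen([BZRCMD, "commit", "-m", comment]) { |io| io.read }` where the Ruby in use supports the array form and a caller relies on the captured output of the backtick version; as a fallback, `require "shellwords"` and interpolate `Shellwords.escape(comment)`. The hunk does not show where comment originates, so it should be treated as untrusted until a caller proves otherwise.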
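Review bot: Dropping `.to_i` at this line leaves `REVISION` holding the raw CGI string for the rest of participate.rb, so the only sanitisation now lives inside VCS.cat; any later use of REVISION (the file continues past the hunk, so this is unverified) would receive unvalidated input. Keeping the coercion at the trust boundary is independent of how VCS.cat is implemented and costs nothing: `REVISION=$cgi["revision"].to_i`, with VCS.cat's own `to_i` acting as a second layer. The surrounding `if ... else ... end` closes outside the hunk.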