untaint config_path

git-svn-id: svn://svn.rot13.org/SQL2XLS@15 2e857b76-582b-47e5-ad5c-b3ba0f0ee29b

diff --git a/sql2xls.cgi b/sql2xls.cgi
index f6a39d4..c71a7d6 100755 (executable)
--- a/sql2xls.cgi
+++ b/sql2xls.cgi
@@ -85,7 +85,7 @@ our $debug = 1;
 my $sql_dir = $ENV{SCRIPT_FILENAME} || '.';
 $sql_dir =~ s,/[^/]+$,,;
 
-my $config_path = "$sql_dir/config.pl";
+my $config_path = $1 if "$sql_dir/config.pl" =~ m/^(.+)$/; # untaint
 warn "# using $config_path\n";
 require $config_path if -e $config_path;