[drraw-users] How to get RCS to work with drraw

[Christophe Kalt]

On Aug 22, Matt Perry wrote:
| I'm not sure what to do next to get this to work.  Turning off taint
| checking seeming like a really bad idea.  If any of you are using RCS with
| drraw can you tell me what you did to get it to work?  Thanks.

Fix is attached.
-------------- next part --------------
Index: drraw.cgi
===================================================================
--- drraw.cgi	(revision 1517)
+++ drraw.cgi	(working copy)
@@ -2555,6 +2555,7 @@
     } else {
         $rcsuser = "-wguest[$ENV{REMOTE_ADDR}]";
     }
+    $rcsuser =~ /(.+)/; $rcsuser = $1;  # Untaint
 
     my $rcs;
 
@@ -2596,8 +2597,8 @@
     }
 
     if ( $use_rcs && defined($rcs) ) {
-        if ( $ok ) {
-            if ( $rcs->ci('-u', '-m'. $log, $rcsuser) != 1 ) {
+        if ( $ok && $log =~ /(.+)/ ) {
+            if ( $rcs->ci('-u', '-m'. $1, $rcsuser) != 1 ) {
                 &Error("Failed to check in $file");
                 $ok = 0;
             }