We can call this module also now over the API through
pvedaemon/pveproxy which have tainting checks on.

Thus we need to untaint the "read existing backups" inputs,
as else this errors out here.

Only triggers when over 10 backups existed already, so this does
not trigger really often in the real world.

Signed-off-by: Thomas Lamprecht <t.lampre...@proxmox.com>
---
 data/PVE/Cluster.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 27b1c97..fabf5bc 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1762,6 +1762,7 @@ my $backup_cfs_database = sub {
 
     if ((my $count = scalar(@$backups)) > $maxfiles) {
        foreach my $f (@$backups[$maxfiles..$count-1]) {
+           next if $f !~ m/^(\S+)$/; # untaint
            print "delete old backup '$1'\n";
            unlink $1;
        }
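Review bot: the added `next if $f !~ m/^(\S+)$/;` accepts any run of non-whitespace characters, so it clears the taint flag without constraining what reaches `unlink $1`. If the entries in `@$backups` follow a known directory and filename form, match that form in the capture instead of `\S+`, so the untaint also acts as validation. Two smaller points on the same line: an entry that fails the match is skipped silently and stays on disk with no trace, so a `warn` before the `next` would make that visible; and `$` also matches before a trailing newline, so `\z` is the stricter anchor if the whole string is meant to be checked. The result of `unlink $1` is not checked either, so the "delete old backup" message is printed even when the removal fails.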
-- 
2.14.2


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel