From 47d5cd05866ebb755bda61b576a5e7f158ca3e49 Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Wed, 15 Aug 2012 13:29:35 -0700
Subject: [PATCH] Un-taint mdir before adding to @INC
 https://sourceforge.net/tracker/index.php?func=detail&aid=3558014&group_id=17457&atid=117457#

---
 web-lib-funcs.pl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index 0b085707b..5e367de90 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -3285,6 +3285,8 @@ foreach my $f (@files) {
 	}
 my @OLDINC = @INC;
 my $mdir = &module_root_directory($mod);
+$mdir =~ /^(.*)$/; # untaint, part 1
+$mdir = $1; 	   # untaint, part 2
 @INC = &unique($mdir, @INC);
 -d $mdir || &error("Module $mod does not exist");
 if (!&get_module_name() && $mod) {