# HG changeset patch
# User HIROSE Yuuji <yuuji@gentei.org>
# Date 1437433350 -32400
# Node ID 262bbdea72e28a1c317567e98bdbde62bad2faa2
# Parent  3565d93c2fb1221741dd5228af5ebb7033b4b20a
Clear taint flag

diff -r 3565d93c2fb1 -r 262bbdea72e2 mpsplit.pl
--- a/mpsplit.pl	Mon Jul 20 18:09:20 2015 +0900
+++ b/mpsplit.pl	Tue Jul 21 08:02:30 2015 +0900
@@ -1,6 +1,9 @@
 #!/usr/bin/env perl
 $sep = "--" . $ARGV[0];
 $dir = ($ARGV[1] || "tmp");
+if ($dir =~ /^([^<>\;\&]*)$/) {
+  $dir = $1;
+}
 
 #print "sep=".$sep, "dir=$dir\n";
 #binmode STDIN;
@@ -23,7 +26,10 @@
   $name = $2;
   #print "name=$name\n";
   if ($header =~ /filename=(['\"]?)(.*?)\1/ && $2 gt "") {
-    $fn = $2;
+    $fn=$2;
+    if ($fn =~ /^([^\/]*)$/) {
+      $fn = $1;
+    }
     open(OUT, ">$dir/$fn");
       print OUT $body;
     close(OUT);