More logical place to untaint

commit: 3bec3be82dcb2d0beaa256da4081a54a6cd3f4c7 [log] [tgz]
author: Sebb <sebb@apache.org> Tue Jul 21 16:46:08 2020 +0100
committer: Sebb <sebb@apache.org> Tue Jul 21 16:46:08 2020 +0100
tree: 9a7b2ec2fc65af4dc87c67a35b45377e29fbc21c
parent: 0352c248850a3487ae8f1ce239c5a400820b4526 [diff]
diff --git a/lib/whimsy/asf/svn.rb b/lib/whimsy/asf/svn.rb
index 19e76d6..2edd787 100644
--- a/lib/whimsy/asf/svn.rb
+++ b/lib/whimsy/asf/svn.rb

@@ -132,11 +132,11 @@
     # Includes aliases
     def self.svnurl(name)
       entry = self._all_repo_entries[name] or return nil
-      url = entry['url'].untaint
+      url = entry['url']
       unless url # bad entry
         raise Exception.new("Unable to find url attribute for SVN entry #{name}")
       end
-      return (@base+url).to_s
+      return (@base+url).to_s.untaint # to_s makes the var tainted
     end
 
     # fetch a repository URL by name - abort if not found
@@ -155,7 +155,7 @@
     # name - the nickname for the URL
     # relpath - the relative path(s) to the file
     def self.svnpath!(name,*relpath)
-      base = self.svnurl!(name).untaint # this should be OK
+      base = self.svnurl!(name)
       base = base + '/' unless base.end_with? '/'
       endpart = [relpath].join('/').sub(%r{^/+},'').gsub(%r{/+},'/')
       return base + endpart
commit	3bec3be82dcb2d0beaa256da4081a54a6cd3f4c7	[log] [tgz]
author	Sebb <sebb@apache.org>	Tue Jul 21 16:46:08 2020 +0100
committer	Sebb <sebb@apache.org>	Tue Jul 21 16:46:08 2020 +0100
tree	9a7b2ec2fc65af4dc87c67a35b45377e29fbc21c
parent	0352c248850a3487ae8f1ce239c5a400820b4526 [diff]