diff options
| author | Hugo Herbelin | 2020-05-07 19:20:39 +0200 |
|---|---|---|
| committer | Hugo Herbelin | 2020-05-11 21:56:00 +0200 |
| commit | 632f709b95f4fa47e86e5c498b995eb9c2cf2ff6 (patch) | |
| tree | fa8ee5ad72ac8e990bfa8c7e51185289803eb201 /doc/tools | |
| parent | 76f7adccc72e6e85bfc2aaec7c5f348e5966b024 (diff) | |
Checking validity of coqdoc file name.
This fixes #12265 (javascript injection vulnerability in file name).
Diffstat (limited to 'doc/tools')
| -rw-r--r-- | doc/tools/coqrst/coqdoc/main.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/tools/coqrst/coqdoc/main.py b/doc/tools/coqrst/coqdoc/main.py index de0d912c03..522b9900a5 100644 --- a/doc/tools/coqrst/coqdoc/main.py +++ b/doc/tools/coqrst/coqdoc/main.py @@ -36,7 +36,7 @@ COQDOC_HEADER = "".join("(** remove printing {} *)".format(s) for s in COQDOC_SY def coqdoc(coq_code, coqdoc_bin=None): """Get the output of coqdoc on coq_code.""" coqdoc_bin = coqdoc_bin or os.path.join(os.getenv("COQBIN", ""), "coqdoc") - fd, filename = mkstemp(prefix="coqdoc-", suffix=".v") + fd, filename = mkstemp(prefix="coqdoc_", suffix=".v") if platform.system().startswith("CYGWIN"): # coqdoc currently doesn't accept cygwin style paths in the form "/cygdrive/c/..." filename = check_output(["cygpath", "-w", filename]).decode("utf-8").strip() |