From 632f709b95f4fa47e86e5c498b995eb9c2cf2ff6 Mon Sep 17 00:00:00 2001
From: Hugo Herbelin
Date: Thu, 7 May 2020 19:20:39 +0200
Subject: Checking validity of coqdoc file name.

This fixes #12265 (javascript injection vulnerability in file name).
---
 doc/tools/coqrst/coqdoc/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/tools/coqrst/coqdoc/main.py b/doc/tools/coqrst/coqdoc/main.py
index de0d912c03..522b9900a5 100644
--- a/doc/tools/coqrst/coqdoc/main.py
+++ b/doc/tools/coqrst/coqdoc/main.py
@@ -36,7 +36,7 @@ COQDOC_HEADER = "".join("(** remove printing {} *)".format(s) for s in COQDOC_SY
 def coqdoc(coq_code, coqdoc_bin=None):
 """Get the output of coqdoc on coq_code."""
 coqdoc_bin = coqdoc_bin or os.path.join(os.getenv("COQBIN", ""), "coqdoc")
- fd, filename = mkstemp(prefix="coqdoc-", suffix=".v")
+ fd, filename = mkstemp(prefix="coqdoc_", suffix=".v")
 if platform.system().startswith("CYGWIN"):
 # coqdoc currently doesn't accept cygwin style paths in the form "/cygdrive/c/..."
 filename = check_output(["cygpath", "-w", filename]).decode("utf-8").strip()
--
cgit v1.2.3
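Review bot: The reason for the underscore in `prefix="coqdoc_"` is not recorded at the `mkstemp` call, so a later tidy-up could restore the hyphen and make every call fail once coqdoc rejects file names that are not valid identifiers (that validation is inferred from the commit subject; it is not in this hunk). A comment directly above the line would pin the constraint: `# coqdoc validates the file name; the basename must be a valid Coq identifier, so no '-'`. The rest of the basename comes from `mkstemp`'s random suffix, which in CPython's tempfile is drawn from lowercase letters, digits and `_`, so the name stays identifier-safe only as long as the prefix and suffix here do. The body of `coqdoc` continues past the end of the hunk, so cleanup of the temporary file cannot be checked from here.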