From eb07951c321f76546ca61b44979b89cff53f2d0c Mon Sep 17 00:00:00 2001
From: Durand Fabrice <fdurand@inverse.ca>
Date: Thu, 22 Jun 2017 08:26:25 -0400
Subject: [PATCH] untaint $o->{API}{location} if $o->{CONFIG}{UNTAINT} is
 enable

---
 Python.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Python.pm b/Python.pm
index 5e137f1..2b9172a 100644
--- a/Python.pm
+++ b/Python.pm
@@ -190,6 +190,7 @@ sub build {
 
     $o->mkpath("$o->{API}{install_lib}/auto/$o->{API}{modpname}");
 
+    ($o->{API}{location}) = $o->{API}{location} =~ /(.*)/ if $o->{CONFIG}{UNTAINT};
     open PYDAT, "> $o->{API}{location}" or
       croak "Inline::Python couldn't write parse information!";
     print PYDAT $namespace;
@@ -207,6 +208,7 @@ sub load {
     return if $o->{ILSM}{loaded};
 
     # Load the code
+    ($o->{API}{location}) = $o->{API}{location} =~ /(.*)/ if $o->{CONFIG}{UNTAINT};
     open PYDAT, $o->{API}{location} or 
       croak "Couldn't open parse info!";
     my $pydat = join '', <PYDAT>;