From 54fd9122644d8cc2b302cc7e870155059e595da7 Mon Sep 17 00:00:00 2001 From: Hisham Muhammad Date: Mon, 28 Oct 2013 14:57:14 -0200 Subject: Add escaping of ]] preventing code injection as contributed by @siffiejoe. See #154, #167. --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index cb7dbd09..b2701aa3 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,8 @@ purge.lua path.lua write_rockspec.lua CONFIG_FILE = $(SYSCONFDIR)/config-$(LUA_VERSION).lua +SAFEPWD=`echo "$$PWD" | sed -e 's/\([][]\)\1/]]..'\''\1\1'\''..[[/g' -` + all: @echo "- Type 'make build' and 'make install':" @echo " to install to $(PREFIX) as usual." @@ -174,6 +176,6 @@ write_sysconfig: built install: install_bins install_luas install_site_config write_sysconfig bootstrap: src/luarocks/site_config.lua install_site_config write_sysconfig - '$(LUA_BINDIR)/lua$(LUA_SUFFIX)' -e "package.path=[[$$PWD/src/?.lua;]]..package.path" src/bin/luarocks make rockspec --tree="$(PREFIX)" + '$(LUA_BINDIR)/lua$(LUA_SUFFIX)' -e "package.path=[[$(SAFEPWD)/src/?.lua;]]..package.path" src/bin/luarocks make rockspec --tree="$(PREFIX)" install_rock: install_bins install_luas -- cgit v1.2.3-55-g6feb
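Review bot: `SAFEPWD` is added without a comment, yet its value is only safe in one context: expanded inside a double-quoted shell argument in a recipe and spliced into a Lua `[[...]]` long string. I would put a comment above it such as `# Shell snippet: $PWD with [[ and ]] rewritten so it can sit inside a Lua [[...]] literal; use only in recipes, inside double quotes.` The pipeline also relies on `echo "$$PWD"`, whose treatment of backslashes differs between /bin/sh implementations, and on a trailing `-` operand that sed does not need when reading stdin. `printf '%s\n' "$$PWD" | sed -e '...'` is the more predictable form.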
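Review bot: In the new `bootstrap` recipe only the working directory is escaped; `$(PREFIX)`, `$(LUA_BINDIR)` and `$(LUA_SUFFIX)` are still pasted into shell quotes verbatim, so a value containing `"` or `'` would end the quoting early. These come from configuration rather than from the directory name, so the exposure is presumably lower, but that assumption deserves a comment or defensive quoting. Separately, if the `sed` pipeline behind `SAFEPWD` fails, the substitution yields an empty string and the chunk puts `/src/?.lua;` at the front of `package.path`, an absolute path outside the source tree. A guard such as `test -n "$(SAFEPWD)" &&` in front of the Lua call would make that failure visible. Whether other recipes in this Makefile build Lua strings from `$$PWD` cannot be seen from this hunk.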