X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FRPCEnvironment.pm;fp=PVE%2FRPCEnvironment.pm;h=faa4fb2486e8ad5d5896cf862c1afe7da6154c8e;hp=7532e9eca0245dd76f11d75dcd3c9c85081c840f;hb=1e15ebe7b535fde0da6205dff7efda781f1aaca9;hpb=437be042c2497a1956b359bb9e2797f838a37340

diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index 7532e9e..faa4fb2 100644
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -304,6 +304,9 @@ sub check_volume_access {
 	    if $user ne 'root@pam';
 
 	$path = abs_path($volid);
+	if ($path =~ m|^(/.+)$|) {
+	    $path = $1; # untaint any path
+	}
     }
     return $path;
 }