fix tainted input in backup_cfs_database

We can call this module also now over the API through
pvedaemon/pveproxy which have tainting checks on.

Thus we need to untaint the "read existing backups" inputs,
as else this errors out here.

Only triggers when over 10 backups existed already, so this does
not triggers really often in the real world.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 27b1c97206223fbe14a2f7da6a91ffe869bdf3c9..fabf5bcf16978f84022a5f46f6dec1aacdde753f 100644 (file)
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1762,6 +1762,7 @@ my $backup_cfs_database = sub {
 
     if ((my $count = scalar(@$backups)) > $maxfiles) {
        foreach my $f (@$backups[$maxfiles..$count-1]) {
+           next if $f !~ m/^(\S+)$/; # untaint
            print "delete old backup '$1'\n";
            unlink $1;
        }