--- loncom/Attic/lcuseradd	2004/08/05 10:56:55	1.26
+++ loncom/Attic/lcuseradd	2004/08/05 20:47:27	1.27
@@ -5,16 +5,8 @@
 # lcuseradd - LON-CAPA setuid script to coordinate all actions
 #             with adding a user with filesystem privileges (e.g. author)
 #
-# YEAR=2002
-#   May 19, 2002 Ron Fox
-#      - Removed creation of the pulic_html directory.  This directory
-#        can now be added in two ways:
-#        o The user can add it themselves if they want some local web
-#          space which may or may not contain construction items.
-#        o LonCapa will add it if/when the user is granted an Author
-#          role.
 #
-# $Id: lcuseradd,v 1.26 2004/08/05 10:56:55 foxr Exp $
+# $Id: lcuseradd,v 1.27 2004/08/05 20:47:27 albertel Exp $
 ###
 
 ###############################################################################
@@ -258,6 +250,9 @@ if ($status) {
 print "Done adding user\n" unless $noprint;
 # Make www a member of that user group.
 my $groups=`/usr/bin/groups www` or &Exit(6);
+# untaint
+my ($safegroups)=($groups=~/([\s\w]+)/);
+$groups=$safegroups;
 chomp $groups; $groups=~s/^\S+\s+\:\s+//;
 my @grouplist=split(/\s+/,$groups);
 my @ugrouplist=grep {!/www|$safeusername/} @grouplist;
@@ -324,9 +319,9 @@ if (-e '/var/run/httpd.pid') {
     open(PID,'/var/run/httpd.pid');
     my $pid=<PID>;
     close(PID);
-    $pid=~s/\D+//g;
+    my ($safepid)=($pid=~s/(\D+)//g);
     if ($pid) {
-	system('kill','-USR1',"$pid");
+	system('kill','-USR1',"$safepid");
     }
 }
 # -------------------------------------------------------- Exit script