From 863e4f6e917a707b9b57ee2087bc63a36e01e493 Mon Sep 17 00:00:00 2001
From: Juerd Waalboer
Date: Tue, 20 Oct 2015 22:12:37 +0200
Subject: [PATCH] SECURITY: fix arbitrary code injection in recent transactions list.
---
 plugins/users | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/users b/plugins/users
index 01106d8..988274d 100755
--- a/plugins/users
+++ b/plugins/users
@@ -46,7 +46,7 @@ sub recent {
 my ($n, $u) = @_;
 $n += 0;
 print "Last $n transactions for $u:\n";
- system "perl -lane'lc(\$F[3]) eq lc('\Q$u\E') or next; s/CHECKOUT\\s+\\S+\\s+\\S+\\s+// or next; s/ #// or next; s/_/ /; print' .revbank.log | tail -n$n";
+ system "perl -lane'lc(\$F[3]) eq lc(q[\Q$u\E]) or next; s/CHECKOUT\\s+\\S+\\s+\\S+\\s+// or next; s/ #// or next; s/_/ /; print' .revbank.log | tail -n$n";
 }
 
 sub balance {
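Review bot: On the new `system` line, `\Q$u\E` still sits inside a shell single-quoted argument, and quotemeta's backslash does not escape a `'` there, so a user name containing a single quote would still end the quoting and change how the command line is parsed — unless `$u` is validated before `recent` is called, which this hunk does not show. Separately, `q[...]` keeps most backslashes literally, so a name with any non-word character that quotemeta escapes would, as far as I can tell, never equal `$F[3]`. Both problems go away if the log is filtered in-process, so that `$u` is only ever compared as data and neither a shell nor generated Perl source is involved; a sketch follows. `sub recent {` itself is visible only in the hunk header.

```perl
    print "Last $n transactions for $u:\n";
    # Filter the log in-process: $u is compared as a plain string and is
    # never interpolated into shell or Perl source text.
    open my $log, '<', '.revbank.log'
        or do { warn "Cannot read .revbank.log: $!\n"; return };
    my @recent;
    while (my $line = <$log>) {
        chomp $line;
        my @field = split ' ', $line;
        next unless defined $field[3] and lc $field[3] eq lc $u;
        $line =~ s/CHECKOUT\s+\S+\s+\S+\s+// or next;
        $line =~ s/ #// or next;
        $line =~ s/_/ /;
        push @recent, $line;
        shift @recent if @recent > $n;    # keep only the last $n matches
    }
    close $log;
    print "$_\n" for @recent;
```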