diff -Nur -x '*.orig' -x '*.rej' e-smith-quota-1.10.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/quota.pm mezzanine_patched_e-smith-quota-1.10.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/quota.pm
--- e-smith-quota-1.10.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/quota.pm	2006-07-17 03:38:24.000870928 +1000
+++ mezzanine_patched_e-smith-quota-1.10.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/quota.pm	2006-07-17 03:35:43.042014668 +1000
@@ -318,7 +318,7 @@
     $rec->set_prop('MaxBlocksSoftLim', $softlim);
 
     # Untaint $acct before using in system().
-    $acct =~ /(\w*)/; $acct = $1;
+    $acct =~ /^(\w[\-\w_\.]+)$/; $acct = $1;
     system ("/sbin/e-smith/signal-event", "user-modify", "$acct") == 0
         or die ($self->localise('ERR_MODIFYING')."\n");