index 9a06ea1c1e47aa6fed77ac3d5a09eaa38035d541..f2e0a911188473df929eb75268d8d6f0b92cd0e3 100644 (file)
$command= $config->get_cfg_value("baseIdHook");
if ($command != ""){
- $command.= " '".LDAP::fix($dn)."' $attrib";
+ $command.= " ".escapeshellarg(LDAP::fix($dn))." ".escapeshellarg($attrib);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
exec($command, $output);
if ($command != ""){
/* Walk through attribute list */
- $command= preg_replace("/%userPassword/", $password, $command);
- $command= preg_replace("/%dn/", $dn, $command);
+ $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+ $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");