![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index 1574f72dc785d7f5c66f5a5ebc139476d951f252..97182f56032b5872000b2e6308467d8679618ed4 100644 (file)
$ldap->cd($this->config->current['BASE']);
$ldap->cat($this->dn,array('uid'));
$attrs = $ldap->fetch();
- exec($this->config->get_cfg_value("passwordHook")." ".$attrs['uid'][0]." ".$_POST['new_password'], $resarr);
+ exec($this->config->get_cfg_value("passwordHook")." ".
+ escapeshellarg($attrs['uid'][0])." ".escapeshellarg($_POST['new_password']), $resarr);
}
// The user has to change his password on next login