Added escapeshellargs for security reasons

author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Fri, 27 Aug 2010 12:47:04 +0000 (12:47 +0000)

committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Fri, 27 Aug 2010 12:47:04 +0000 (12:47 +0000)
author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Fri, 27 Aug 2010 12:47:04 +0000 (12:47 +0000)
committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Fri, 27 Aug 2010 12:47:04 +0000 (12:47 +0000)
diff --git a/gosa-core/html/password.php b/gosa-core/html/password.php

index 405dbb47a6aea6a3003244677e90ff56ef22737e..1a378f7e025f00eaf05ffdc5c093022e873dd87c 100644 (file)
--- a/gosa-core/html/password.php
+++ b/gosa-core/html/password.php
@@ -239,8 +239,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['apply'])){
           /* Passed quality check, just try to change the password now */
           $output= "";
           if ($config->get_cfg_value("passwordHook") != ""){
-                 exec($config->get_cfg_value("passwordHook")." ".$ui->username." ".
-                                 $_POST['current_password']." ".$_POST['new_password'], $resarr);
+                 exec($config->get_cfg_value("passwordHook")." ".escapeshellarg($ui->username)." ".
+                                 escapeshellarg($_POST['current_password'])." ".escapeshellarg($_POST['new_password']), $resarr);
                   if(count($resarr) > 0) {
                           $output= join('\n', $resarr);
                   }
author	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Fri, 27 Aug 2010 12:47:04 +0000 (12:47 +0000)
committer	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Fri, 27 Aug 2010 12:47:04 +0000 (12:47 +0000)