
Added escapeshellargs for security reasons
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Fri, 27 Aug 2010 12:47:09 +0000 (12:47 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Fri, 27 Aug 2010 12:47:09 +0000 (12:47 +0000)
git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19473 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-core/include/class_plugin.inc

index f089bc5279bc0df09bd97ca52d4ea1fd144b20ec..42e2a4422d4e681d823eac55fb15557aa98c0126 100644 (file)
@@ -663,7 +663,7 @@ class plugin
       /* Additional attributes */
       foreach ($tmp as $name => $len){
         $value = $add_attrs[$name];
-        $command= str_replace("%$name", "$value", $command);
+        $command= str_replace("%$name", escapeshellarg($value), $command);
       }
 
       if (check_command($command)){
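Review bot: Substituting one placeholder per iteration inside the `foreach` means a value that itself contains text of the form `%name` is expanded again by a later iteration, and that second `escapeshellarg()` result lands inside the first one's quotes and closes them. Collecting the escaped values first and substituting in a single pass avoids this: `$map["%$name"] = escapeshellarg($value);` in the loop, then `$command = strtr($command, $map);` after it. The same loop shape is in the hunks at 709 and 753, and in the `preg_replace` hunk at 1252, where a `$` or `\` followed by a digit in the quoted value is additionally read as a backreference in the replacement string; `str_replace` or the `strtr` form removes that. Command templates that already wrap their placeholders in quotes would also need updating, because the quotes added here would nest with them and could leave the value unquoted. The enclosing method starts and ends outside the hunk, so how `$command` is finally executed is not visible here.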
@@ -709,7 +709,7 @@ class plugin
       /* Additional attributes */
       foreach ($tmp as $name => $len){
         $value = $add_attrs[$name];
-        $command= str_replace("%$name", "$value", $command);
+        $command= str_replace("%$name", escapeshellarg($value), $command);
       }
 
       if (check_command($command)){
@@ -753,7 +753,7 @@ class plugin
       /* Additional attributes */
       foreach ($tmp as $name => $len){
         $value = $add_attrs[$name];
-        $command= str_replace("%$name", "$value", $command);
+        $command= str_replace("%$name", escapeshellarg($value), $command);
       }
 
       if (check_command($command)){
@@ -1252,7 +1252,7 @@ class plugin
                   if(!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)){
                       continue;
                   }
-                  $command= preg_replace("/%$name/", $value, $command);
+                  $command= preg_replace("/%$name/", escapeshellarg($value), $command);
               }
           }