Added escapeshellargs for security reasons

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19477 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index 1574f72dc785d7f5c66f5a5ebc139476d951f252..97182f56032b5872000b2e6308467d8679618ed4 100644 (file)
--- a/gosa-core/plugins/admin/users/class_userManagement.inc
+++ b/gosa-core/plugins/admin/users/class_userManagement.inc
@@ -341,7 +341,8 @@ class userManagement extends management
                   $ldap->cd($this->config->current['BASE']);
                   $ldap->cat($this->dn,array('uid'));
                   $attrs = $ldap->fetch();
-                  exec($this->config->get_cfg_value("passwordHook")." ".$attrs['uid'][0]." ".$_POST['new_password'], $resarr);
+                  exec($this->config->get_cfg_value("passwordHook")." ".
+                          escapeshellarg($attrs['uid'][0])." ".escapeshellarg($_POST['new_password']), $resarr);
               }
 
               // The user has to change his password on next login