From: hickert Date: Fri, 27 Aug 2010 12:47:12 +0000 (+0000) Subject: Added escapeshellargs for security reasons X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=2f7303c00e37729b176ca5e645d97e555aa1c4fd;p=gosa.git Added escapeshellargs for security reasons git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19474 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index 9a06ea1c1..f2e0a9111 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -2676,7 +2676,7 @@ function get_base_from_hook($dn, $attrib) $command= $config->get_cfg_value("baseIdHook"); if ($command != ""){ - $command.= " '".LDAP::fix($dn)."' $attrib"; + $command.= " ".escapeshellarg(LDAP::fix($dn))." ".escapeshellarg($attrib); if (check_command($command)){ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute"); exec($command, $output); @@ -3059,8 +3059,8 @@ function change_password ($dn, $password, $mode=0, $hash= "") if ($command != ""){ /* Walk through attribute list */ - $command= preg_replace("/%userPassword/", $password, $command); - $command= preg_replace("/%dn/", $dn, $command); + $command= preg_replace("/%userPassword/", escapeshellarg($password), $command); + $command= preg_replace("/%dn/", escapeshellarg($dn), $command); if (check_command($command)){ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");