From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Thu, 26 Aug 2010 13:46:31 +0000 (+0000)
Subject: Fixed problem with script parameter they wasn't escaped.
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=4663609db1c5e6180b731bb4dbbfe420067d63a3;p=gosa.git

Fixed problem with script parameter they wasn't escaped.


git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19466 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/include/class_plugin.inc b/gosa-core/include/class_plugin.inc
index ba5c715c7..6b8789659 100644
--- a/gosa-core/include/class_plugin.inc
+++ b/gosa-core/include/class_plugin.inc
@@ -1630,7 +1630,7 @@ class plugin
           if(!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)){
             continue;
           }
-          $command= preg_replace("/%$name/", $value, $command);
+          $command= preg_replace("/%$name/", escapeshellarg($value), $command);
         }
       }
 
diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 9ac8c7755..f592449fd 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -3099,8 +3099,8 @@ function change_password ($dn, $password, $mode=0, $hash= "")
 
       if ($command != ""){
         /* Walk through attribute list */
-        $command= preg_replace("/%userPassword/", $password, $command);
-        $command= preg_replace("/%dn/", $dn, $command);
+        $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+        $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
 
         if (check_command($command)){
           @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");