From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Fri, 27 Aug 2010 12:47:21 +0000 (+0000)
Subject: Added escapeshellargs for security reasons
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=53385e10ea9e8a21109fd0d6906a1fd801089077;p=gosa.git

Added escapeshellargs for security reasons

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19478 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index b6bf8becf..cb3b43fcd 100644
--- a/gosa-core/plugins/personal/password/class_password.inc
+++ b/gosa-core/plugins/personal/password/class_password.inc
@@ -111,7 +111,8 @@ class password extends plugin
 
       /* Call external password quality hook ?*/
       $check_hook   = $this->config->get_cfg_value("passwordHook") != "";
-      $hook         = $this->config->get_cfg_value("passwordHook")." ".$ui->username." ".$current_password." ".$new_password;
+      $hook         = $this->config->get_cfg_value("passwordHook")." ".
+          escapeshellarg($ui->username)." ".escapeshellarg($current_password)." ".escapeshellarg($new_password);
       if($check_hook){
         exec($hook,$resarr);
         $check_hook_output = "";