From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Fri, 27 Aug 2010 12:47:09 +0000 (+0000)
Subject: Added escapeshellargs for security reasons
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=c04fc7a4bcba5f9d9fb4d91ae86c59a80c03edb6;p=gosa.git

Added escapeshellargs for security reasons

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19473 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/include/class_plugin.inc b/gosa-core/include/class_plugin.inc
index f089bc527..42e2a4422 100644
--- a/gosa-core/include/class_plugin.inc
+++ b/gosa-core/include/class_plugin.inc
@@ -663,7 +663,7 @@ class plugin
       /* Additional attributes */
       foreach ($tmp as $name => $len){
         $value = $add_attrs[$name];
-        $command= str_replace("%$name", "$value", $command);
+        $command= str_replace("%$name", escapeshellarg($value), $command);
       }
 
       if (check_command($command)){
@@ -709,7 +709,7 @@ class plugin
       /* Additional attributes */
       foreach ($tmp as $name => $len){
         $value = $add_attrs[$name];
-        $command= str_replace("%$name", "$value", $command);
+        $command= str_replace("%$name", escapeshellarg($value), $command);
       }
 
       if (check_command($command)){
@@ -753,7 +753,7 @@ class plugin
       /* Additional attributes */
       foreach ($tmp as $name => $len){
         $value = $add_attrs[$name];
-        $command= str_replace("%$name", "$value", $command);
+        $command= str_replace("%$name", escapeshellarg($value), $command);
       }
 
       if (check_command($command)){
@@ -1252,7 +1252,7 @@ class plugin
                   if(!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)){
                       continue;
                   }
-                  $command= preg_replace("/%$name/", $value, $command);
+                  $command= preg_replace("/%$name/", escapeshellarg($value), $command);
               }
           }