From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Fri, 27 Aug 2010 12:47:19 +0000 (+0000)
Subject: Added escapeshellargs for security reasons
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=ed990e6fcdcb9d2534a84f0569d8cb5dffd0f3f0;p=gosa.git

Added escapeshellargs for security reasons

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19477 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index 1574f72dc..97182f560 100644
--- a/gosa-core/plugins/admin/users/class_userManagement.inc
+++ b/gosa-core/plugins/admin/users/class_userManagement.inc
@@ -341,7 +341,8 @@ class userManagement extends management
                   $ldap->cd($this->config->current['BASE']);
                   $ldap->cat($this->dn,array('uid'));
                   $attrs = $ldap->fetch();
-                  exec($this->config->get_cfg_value("passwordHook")." ".$attrs['uid'][0]." ".$_POST['new_password'], $resarr);
+                  exec($this->config->get_cfg_value("passwordHook")." ".
+                          escapeshellarg($attrs['uid'][0])." ".escapeshellarg($_POST['new_password']), $resarr);
               }
 
               // The user has to change his password on next login