From: hickert
Date: Fri, 27 Aug 2010 12:47:14 +0000 (+0000)
Subject: Added escapeshellargs for security reasons
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=f9d7c4117c3f604fae2b4c7f1e36e1a028c175bc;p=gosa.git
Added escapeshellargs for security reasons
git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19475 594d385d-05f5-0310-b6e9-bd551577e9d8
---
diff --git a/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc b/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc
index f9f0aa5fe..a3ac8d8e3 100644
--- a/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc
+++ b/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc
@@ -206,7 +206,8 @@ class addressbook extends plugin
 /* Finally dial */
 if (isset($_POST['dial']) && session::is_set('source') && session::is_set('target')){
- exec ($this->config->get_cfg_value("ctiHook")." '".session::get('source')."' '".session::get('target')."'", $dummy, $retval);
+ exec ($this->config->get_cfg_value("ctiHook")." ".
+ escapeshellarg(session::get('source'))." ".escapeshellarg(session::get('target')), $dummy, $retval);
 session::un_set('source');
 session::un_set('target');
 }
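Review bot: The two `escapeshellarg()` calls in the new `exec` line stop shell metacharacters, but they leave a value that begins with `-` unchanged, so the ctiHook program may still parse it as an option rather than a number. Nothing in the hunk restricts `session::get('source')` or `session::get('target')` to dialable characters, and where those session values are set is not visible here. I would validate both before the `exec` and refuse to dial on a mismatch, for example `if (!preg_match('/^\+?[0-9]+$/', session::get('target'))) { /* refuse to dial */ }`, with the pattern adjusted to whatever number format the hook accepts. The `ctiHook` value is still concatenated unescaped, which is only safe if it is administrator-controlled configuration; a comment such as `/* ctiHook is trusted admin config and may carry its own arguments */` would record that assumption. The enclosing method starts and ends outside the hunk, so whether `$retval` is checked afterwards cannot be confirmed from here.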