From 4663609db1c5e6180b731bb4dbbfe420067d63a3 Mon Sep 17 00:00:00 2001 From: hickert Date: Thu, 26 Aug 2010 13:46:31 +0000 Subject: [PATCH] Fixed problem with script parameter they wasn't escaped. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19466 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/include/class_plugin.inc | 2 +- gosa-core/include/functions.inc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gosa-core/include/class_plugin.inc b/gosa-core/include/class_plugin.inc index ba5c715c7..6b8789659 100644 --- a/gosa-core/include/class_plugin.inc +++ b/gosa-core/include/class_plugin.inc @@ -1630,7 +1630,7 @@ class plugin if(!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)){ continue; } - $command= preg_replace("/%$name/", $value, $command); + $command= preg_replace("/%$name/", escapeshellarg($value), $command); } } diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc index 9ac8c7755..f592449fd 100644 --- a/gosa-core/include/functions.inc +++ b/gosa-core/include/functions.inc @@ -3099,8 +3099,8 @@ function change_password ($dn, $password, $mode=0, $hash= "") if ($command != ""){ /* Walk through attribute list */ - $command= preg_replace("/%userPassword/", $password, $command); - $command= preg_replace("/%dn/", $dn, $command); + $command= preg_replace("/%userPassword/", escapeshellarg($password), $command); + $command= preg_replace("/%dn/", escapeshellarg($dn), $command); if (check_command($command)){ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute"); -- 2.30.2