From 53385e10ea9e8a21109fd0d6906a1fd801089077 Mon Sep 17 00:00:00 2001
From: hickert
Date: Fri, 27 Aug 2010 12:47:21 +0000
Subject: [PATCH] Added escapeshellargs for security reasons
git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19478 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/plugins/personal/password/class_password.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index b6bf8becf..cb3b43fcd 100644
--- a/gosa-core/plugins/personal/password/class_password.inc
+++ b/gosa-core/plugins/personal/password/class_password.inc
@@ -111,7 +111,8 @@ class password extends plugin
 /* Call external password quality hook ?*/
 $check_hook = $this->config->get_cfg_value("passwordHook") != "";
- $hook = $this->config->get_cfg_value("passwordHook")." ".$ui->username." ".$current_password." ".$new_password;
+ $hook = $this->config->get_cfg_value("passwordHook")." ".
+ escapeshellarg($ui->username)." ".escapeshellarg($current_password)." ".escapeshellarg($new_password);
 if($check_hook){
 exec($hook,$resarr);
 $check_hook_output = "";
--
2.30.2
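Review bot: The current and new passwords are still passed to the hook as command-line arguments on the new `$hook` line, so the quoting stops shell injection but leaves both secrets readable in the process list by other local accounts while the hook runs. Handing them to the hook on stdin through `proc_open`, as sketched below, avoids that; it changes the hook contract, so existing hook scripts would have to read two lines from stdin instead of argv. Separately, `escapeshellarg()` can drop bytes that are invalid in the current `LC_CTYPE` locale, so a password with non-ASCII characters may reach the hook altered and be checked as a different string; it is worth confirming a UTF-8 locale is set before this call. The enclosing method starts and ends outside the hunk, so how `$resarr` is evaluated afterwards is not visible here.

```php
      if($check_hook){
        /* Secrets go to the hook on stdin, one per line, instead of argv */
        $cmd    = $this->config->get_cfg_value("passwordHook")." ".escapeshellarg($ui->username);
        $pipes  = array();
        $resarr = array();
        $proc   = proc_open($cmd, array(0 => array("pipe","r"), 1 => array("pipe","w")), $pipes);
        if(is_resource($proc)){
          fwrite($pipes[0], $current_password."\n".$new_password."\n");
          fclose($pipes[0]);
          $out = rtrim(stream_get_contents($pipes[1]));
          fclose($pipes[1]);
          proc_close($proc);
          /* Keep exec()'s shape: no output means an empty array */
          if($out !== ""){
            $resarr = explode("\n", $out);
          }
        }
        // … unchanged: $check_hook_output handling …
```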