From 717dd04f924643639d4c1927088ee0428d5fca25 Mon Sep 17 00:00:00 2001
From: hickert
Date: Fri, 27 Aug 2010 12:47:04 +0000
Subject: [PATCH] Added escapeshellargs for security reasons

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19471 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/html/password.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gosa-core/html/password.php b/gosa-core/html/password.php
index 405dbb47a..1a378f7e0 100644
--- a/gosa-core/html/password.php
+++ b/gosa-core/html/password.php
@@ -239,8 +239,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['apply'])){
 /* Passed quality check, just try to change the password now */
 $output= "";
 if ($config->get_cfg_value("passwordHook") != ""){
- exec($config->get_cfg_value("passwordHook")." ".$ui->username." ".
- $_POST['current_password']." ".$_POST['new_password'], $resarr);
+ exec($config->get_cfg_value("passwordHook")." ".escapeshellarg($ui->username)." ".
+ escapeshellarg($_POST['current_password'])." ".escapeshellarg($_POST['new_password']), $resarr);
 if(count($resarr) > 0) {
 $output= join('\n', $resarr);
 }
-- 
2.30.2
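Review bot: The current and new password are still handed to the hook as command-line arguments in the rewritten `exec()` call, so while the hook runs they are readable from the process list by other local accounts; quoting closes the shell injection but not that exposure. Consider starting the hook with `proc_open()` and writing the two secrets to its stdin, as sketched below; this changes the hook's calling convention, so existing hook scripts would need updating and values containing a line break would have to be rejected first. Separately, `escapeshellarg()` is locale-dependent and can drop non-ASCII bytes when `LC_CTYPE` is not a UTF-8 locale, which would give the hook a different password than the user typed, so the locale should be set explicitly or such input refused. The enclosing `if ($config->get_cfg_value("passwordHook") != "")` block continues past the end of the hunk, so how `$output` is used afterwards is not visible here.

```php
    if ($config->get_cfg_value("passwordHook") != ""){
      /* Secrets go to the hook on stdin, one per line, so they never show up in argv. */
      $resarr= array();
      $cmd= $config->get_cfg_value("passwordHook")." ".escapeshellarg($ui->username);
      $proc= proc_open($cmd, array(0 => array("pipe", "r"), 1 => array("pipe", "w")), $pipes);
      if (is_resource($proc)){
        fwrite($pipes[0], $_POST['current_password']."\n".$_POST['new_password']."\n");
        fclose($pipes[0]);
        /* Same shape as exec()'s output array, minus empty lines. */
        $resarr= preg_split('/\R/', stream_get_contents($pipes[1]), -1, PREG_SPLIT_NO_EMPTY);
        fclose($pipes[1]);
        proc_close($proc);
      } else {
        /* Report a hook that could not be started instead of passing silently. */
        $resarr[]= "passwordHook could not be started";
      }
      // … unchanged: count($resarr) check that fills $output …
```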