From f9d7c4117c3f604fae2b4c7f1e36e1a028c175bc Mon Sep 17 00:00:00 2001
From: hickert
Date: Fri, 27 Aug 2010 12:47:14 +0000
Subject: [PATCH] Added escapeshellargs for security reasons

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19475 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 .../addressbook/addons/addressbook/class_addressbook.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc b/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc
index f9f0aa5fe..a3ac8d8e3 100644
--- a/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc
+++ b/gosa-plugins/addressbook/addons/addressbook/class_addressbook.inc
@@ -206,7 +206,8 @@ class addressbook extends plugin
 /* Finally dial */
 if (isset($_POST['dial']) && session::is_set('source') && session::is_set('target')){
- exec ($this->config->get_cfg_value("ctiHook")." '".session::get('source')."' '".session::get('target')."'", $dummy, $retval);
+ exec ($this->config->get_cfg_value("ctiHook")." ".
+ escapeshellarg(session::get('source'))." ".escapeshellarg(session::get('target')), $dummy, $retval);
 session::un_set('source');
 session::un_set('target');
 }
-- 
2.30.2
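Review bot: `escapeshellarg()` on the new `exec` call keeps shell metacharacters in `source` and `target` from being interpreted, but it does not stop a value that starts with `-` from being parsed as an option by the ctiHook program, and the hunk shows no format check on either value. Where the two session values are set is outside the hunk, so whether they are already validated cannot be told from here; if they are not, an allow-list check before the call, for example `if (!preg_match('/^\+?[0-9]+$/', session::get('target'))) { ... }` adapted to the number formats the site actually dials, would close that gap. `$retval` is not read in the visible lines, so a failing hook appears to go unreported. A comment such as `/* ctiHook is taken from the configuration as-is; only source and target are quoted */` would record why the command string itself is left unescaped. The enclosing method starts and ends outside the hunk.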