Security fix: unescaped commandline argument (thanks to Bernhard Czech (sinuswave))

Signed-off-by: Christoph Burchert (Chb) <derchb@froxlor.org>
Christoph Burchert (Chb)
2011-09-05 14:31:03 +02:00
parent 4914fc640a
commit ca2a8c9907
2 changed files with 4 additions and 4 deletions


@@ -118,7 +118,7 @@ while($row = $db->fetch_array($result_tasks))
// now get rid of old stuff
//(but append /* so we don't delete the directory)
$configdir.='/*';
safe_exec('rm -rf '. makeCorrectFile($configdir));
safe_exec('rm -rf '. escapeshellarg(makeCorrectFile($configdir)));
}
}
@@ -132,7 +132,7 @@ while($row = $db->fetch_array($result_tasks))
// now get rid of old stuff
//(but append /* so we don't delete the directory)
$configdir.='/*';
safe_exec('rm -rf '. makeCorrectFile($configdir));
safe_exec('rm -rf '. escapeshellarg(makeCorrectFile($configdir)));
}
}
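Review bot: The new `escapeshellarg(makeCorrectFile($configdir))` call, in the first hunk and again in the second, quotes the whole path including the `/*` appended on the line before, so the shell gets a literal `*` and no longer expands the glob. Assuming `safe_exec` hands the string to a shell, `rm -rf` then matches nothing and, because of `-f`, exits quietly, so the old config files stay in place without any error. Quote only the directory and keep the glob outside the quotes: drop `$configdir.='/*';` and call `safe_exec('rm -rf ' . escapeshellarg(makeCorrectFile($configdir)) . '/*');`. Before that call, check that `$configdir` is non-empty so the pattern can never resolve to `/*`. The enclosing `while` loop and the code that builds `$configdir` are outside both hunks, so where the value comes from cannot be confirmed here.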