From ee7f83aedef46e08833a6ef8875e941a8657a5c1 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Wed, 10 Mar 2010 12:19:20 +0000
Subject: [PATCH] - correcting safe_exec check in function.safe_exec.php, fixes #56
---
 lib/functions/filedir/function.safe_exec.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/functions/filedir/function.safe_exec.php b/lib/functions/filedir/function.safe_exec.php
index 28b9c6c1..e72fdb00 100644
--- a/lib/functions/filedir/function.safe_exec.php
+++ b/lib/functions/filedir/function.safe_exec.php
@@ -82,7 +82,7 @@ function safe_exec($exec_string, &$return_value = false)
 $ok = false;
 foreach($allowed_commands as $allowed_command)
 {
- if(strpos($exec_string, $allowed_command) == 0
+ if(strpos($exec_string, $allowed_command) === 0
 && (strlen($exec_string) === ($allowed_command_pos = strlen($allowed_command)) || substr($exec_string, $allowed_command_pos, 1) === ' '))
 {
 $ok = true;
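Review bot: The allow-list condition in this `if` only pins down the first word of `$exec_string`; everything after the space that follows `$allowed_command` passes this test unchecked. The function's safety therefore still depends on screening of arguments and shell metacharacters that, if present, lies outside this hunk (the body of safe_exec starts and ends beyond the visible lines). A comment above the loop would make that dependency explicit, e.g. `// Prefix match only: arguments after the command name are NOT validated here.` The in-condition assignment `$allowed_command_pos = strlen($allowed_command)` is also hard to audit, since it only works because `||` evaluates left to right; hoisting it to `$allowed_command_len = strlen($allowed_command);` before the `if` would read more safely. A regression test with a string containing none of the allowed commands (where `strpos` returns `false`) would pin the behaviour this commit corrects.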