Pascal Dreissen
2016-07-08 e8dda462f3b02628b4d878ed2c133f1f04d26a50
escapeshellarg document root for security reasons (fixes #3984)
2 files modified
4 ■■■■ changed files
server/plugins-available/apache2_plugin.inc.php 2 ●●●
server/plugins-available/cron_plugin.inc.php 2 ●●●
server/plugins-available/apache2_plugin.inc.php
@@ -884,7 +884,7 @@
            }
            
          // get the primitive folder for document_root and the filesystem, will need it later.
          $df_output=explode(" ", exec("df -T " . $data['new']['document_root'] . "|awk 'END{print \$2,\$NF}'"));
          $df_output=explode(" ", exec("df -T " . escapeshellarg($data['new']['document_root']) . "|awk 'END{print \$2,\$NF}'"));
          $file_system = $df_output[0];
          $primitive_root = $df_output[1];
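Review bot: The quoted path on the new `exec()` line would still be read by `df` as an option if `document_root` ever began with `-`, because `escapeshellarg()` only stops the shell from interpreting the value, not the program that receives it. Ending option parsing closes that gap: `exec("df -T -- " . escapeshellarg($data['new']['document_root']) . "|awk 'END{print \$2,\$NF}'")`. Whether a non-absolute document_root can reach this code is not visible in the hunk, so treat this as defence in depth alongside validating the value where it is stored. The identical call in cron_plugin.inc.php needs the same change. The enclosing function starts and ends outside the hunk.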
server/plugins-available/cron_plugin.inc.php
@@ -136,7 +136,7 @@
            }
            // get the primitive folder for document_root and the filesystem, will need it later.
            $df_output=explode(" ", exec("df -T " . $parent_domain["document_root"] . "|awk 'END{print \$2,\$NF}'"));
            $df_output=explode(" ", exec("df -T " . escapeshellarg($parent_domain["document_root"]) . "|awk 'END{print \$2,\$NF}'"));
            $file_system = $df_output[0];
            $primitive_root = $df_output[1];
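Review bot: `$df_output[0]` and `$df_output[1]` are read without checking that `df` produced a usable line. When the path does not exist or `df` fails, `exec()` returns an empty or blank last line, and `$file_system` and `$primitive_root` end up empty or undefined. A guard right after the `exec()` line, such as `if (count($df_output) < 2 || $df_output[1] === '') { /* report the failure and stop processing this record */ }`, would keep an empty root from being used by later code that lies outside this hunk. The `awk` expression also takes only the last whitespace-separated field, so a mount point containing a space would presumably be truncated. The apache2_plugin.inc.php hunk reads the result the same way.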