From 676dd14daa242c7dbeaf169aae09da36115e997d Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Fri, 19 Feb 2016 07:08:48 -0500
Subject: [PATCH] - replaces escapeshellcmd by escapeshellarg (Fixes #3456)
---
 server/plugins-available/backup_plugin.inc.php | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/server/plugins-available/backup_plugin.inc.php b/server/plugins-available/backup_plugin.inc.php
index 167ef42..3e4fad6 100644
--- a/server/plugins-available/backup_plugin.inc.php
+++ b/server/plugins-available/backup_plugin.inc.php
@@ -127,7 +127,7 @@
 //$db_name = $parts[1];
 preg_match('@^db_(.+)_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql\.gz$@', $backup['filename'], $matches);
 $db_name = $matches[1];
- $command = "gunzip --stdout ".escapeshellarg($backup_dir.'/'.$backup['filename'])." | mysql -h '".escapeshellcmd($clientdb_host)."' -u '".escapeshellcmd($clientdb_user)."' -p'".escapeshellcmd($clientdb_password)."' '".$db_name."'";
+ $command = "gunzip --stdout ".escapeshellarg($backup_dir.'/'.$backup['filename'])." | mysql -h '".escapeshellarg($clientdb_host)."' -u '".escapeshellarg($clientdb_user)."' -p'".escapeshellarg($clientdb_password)."' '".$db_name."'";
 exec($command);
 }
 unset($clientdb_host);
-- Gitblit v1.9.1
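Review bot: On the added `$command` line, each `escapeshellarg()` result is still wrapped in the literal single quotes left over from the `escapeshellcmd()` version; `escapeshellarg()` already returns a single-quoted string, so the shell sees `''value''` and the value itself ends up outside any quoting. Dropping the literal quotes restores the intended protection: `" | mysql -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." ".escapeshellarg($db_name);`. `$db_name` is still concatenated unescaped: it comes from a `(.+)` capture on `$backup['filename']`, whose origin is not visible in this hunk, and the `preg_match()` result is not checked before `$matches[1]` is read, so it should be escaped the same way and the restore skipped when the pattern does not match. Passing the password with `-p` on the command line also exposes it in the process list; a `--defaults-extra-file` with restrictive permissions would avoid that. The enclosing block starts and ends outside the hunk.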