From 9bcd2fd54728b9e634442f584268da03acaea633 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Fri, 08 Jul 2016 05:50:36 -0400
Subject: [PATCH] Merge branch 'fix-3984' into 'stable-3.1'

---
 server/plugins-available/apache2_plugin.inc.php |    2 +-
 server/plugins-available/cron_plugin.inc.php    |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index ec92e69..f4b6ab7 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -884,7 +884,7 @@
 			}
             
           // get the primitive folder for document_root and the filesystem, will need it later.
-          $df_output=explode(" ", exec("df -T $document_root|awk 'END{print \$2,\$NF}'"));
+          $df_output=explode(" ", exec("df -T " . escapeshellarg($data['new']['document_root']) . "|awk 'END{print \$2,\$NF}'"));
           $file_system = $df_output[0];
           $primitive_root = $df_output[1];
 
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
index b54e971..c7109a5 100644
--- a/server/plugins-available/cron_plugin.inc.php
+++ b/server/plugins-available/cron_plugin.inc.php
@@ -136,7 +136,7 @@
             }
 
             // get the primitive folder for document_root and the filesystem, will need it later.
-            $df_output=explode(" ", exec("df -T $document_root|awk 'END{print \$2,\$NF}'"));
+            $df_output=explode(" ", exec("df -T " . escapeshellarg($parent_domain["document_root"]) . "|awk 'END{print \$2,\$NF}'"));
             $file_system = $df_output[0];
             $primitive_root = $df_output[1];
 

--
Gitblit v1.9.1