Permalink
Browse files

Merge pull request #811 from evertton/command-injection

Fixes command injection in filemanager/download.php
  • Loading branch information...
2 parents 7b01d10 + dad3f56 commit d76cf0f8627126b2f68f0d78e60d6edc58bac2ee @daeks daeks committed May 5, 2015
Showing with 2 additions and 2 deletions.
  1. +2 −2 components/filemanager/download.php
@@ -47,7 +47,7 @@
# Execute the tar command and save file
$filename .= '.tar.gz';
- system("tar -pczf ".$targetPath.$filename." -C ".WORKSPACE." ".$_GET['path']);
+ system("tar -pczf ".escapeshellarg($targetPath.$filename)." -C ".escapeshellarg(WORKSPACE)." ".escapeshellarg($_GET['path']));
$download_file = $targetPath.$filename;
}elseif(extension_loaded('zip')){ //Check if zip-Extension is availiable
//build zipfile
@@ -67,7 +67,7 @@
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
- header('Content-Disposition: attachment; filename='.basename($filename));
+ header('Content-Disposition: attachment; filename="'.basename($filename).'"');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');

0 comments on commit d76cf0f

Please sign in to comment.