Skip to content
This repository has been archived by the owner on Jun 30, 2018. It is now read-only.
Permalink
Browse files Browse the repository at this point in the history
Fix shell injections
No dynamic parameters should be passed shell_exec() without
being properly escaped
  • Loading branch information
LeSuisse committed Jul 7, 2017
1 parent a23607c commit 1606217
Show file tree
Hide file tree
Showing 13 changed files with 28 additions and 28 deletions.
4 changes: 2 additions & 2 deletions include/controller/Controller_GraphData.class.php
Expand Up @@ -76,7 +76,7 @@ protected function LoadData()

$data = array();

$commits = explode("\n", $this->exe->Execute($this->GetProject()->GetPath(), 'rev-list', array('--format=format:"%H %ct"', $head->GetHash())));
$commits = explode("\n", $this->exe->Execute($this->GetProject()->GetPath(), 'rev-list', array('--format=format:"%H %ct"', escapeshellarg($head->GetHash()))));
foreach ($commits as $commit) {
if (preg_match('/^([0-9a-fA-F]{40}) ([0-9]+)$/', $commit, $regs)) {
$data[] = array('CommitEpoch' => (int)$regs[2]);
Expand All @@ -90,7 +90,7 @@ protected function LoadData()
include_once(GITPHP_GESHIDIR . "geshi.php");
$geshi = new GeSHi("",'php');

$files = explode("\n", $this->exe->Execute($this->GetProject()->GetPath(), 'ls-tree', array('-r', '--name-only', $head->GetTree()->GetHash())));
$files = explode("\n", $this->exe->Execute($this->GetProject()->GetPath(), 'ls-tree', array('-r', '--name-only', escapeshellarg($head->GetTree()->GetHash()))));
foreach ($files as $file) {
$filename = GitPHP_Util::BaseName($file);
$lang = GitPHP_Util::GeshiFilenameToLanguage($filename);
Expand Down
4 changes: 2 additions & 2 deletions include/git/FileBlame.class.php
Expand Up @@ -141,9 +141,9 @@ private function LoadData()
$args = array();
$args[] = '-s';
$args[] = '-l';
$args[] = $this->commitHash;
$args[] = escapeshellarg($this->commitHash);
$args[] = '--';
$args[] = $this->path;
$args[] = escapeshellarg($this->path);

$blamelines = explode("\n", $this->exe->Execute($this->project->GetPath(), GIT_BLAME, $args));

Expand Down
10 changes: 5 additions & 5 deletions include/git/FileHistory.class.php
Expand Up @@ -265,27 +265,27 @@ protected function LoadData()

if ($canSkip) {
if ($this->limit > 0) {
$args[] = '--max-count=' . $this->limit;
$args[] = '--max-count=' . escapeshellarg($this->limit);
}
if ($this->skip > 0) {
$args[] = '--skip=' . $this->skip;
$args[] = '--skip=' . escapeshellarg($this->skip);
}
} else {
if ($this->limit > 0) {
$args[] = '--max-count=' . ($this->limit + $this->skip);
$args[] = '--max-count=' . escapeshellarg($this->limit + $this->skip);
}
}

$args[] = '--';
$args[] = $this->path;
$args[] = escapeshellarg($this->path);
$args[] = '|';
$args[] = $this->exe->GetBinary();
$args[] = '--git-dir=' . escapeshellarg($this->project->GetPath());
$args[] = GIT_DIFF_TREE;
$args[] = '-r';
$args[] = '--stdin';
$args[] = '--';
$args[] = $this->path;
$args[] = escapeshellarg($this->path);

$historylines = explode("\n", $this->exe->Execute($this->project->GetPath(), GIT_REV_LIST, $args));

Expand Down
4 changes: 2 additions & 2 deletions include/git/FileSearch.class.php
Expand Up @@ -382,8 +382,8 @@ private function SearchFileContents()
$args[] = '--ignore-case';
$args[] = '-n';
$args[] = '-e';
$args[] = '"' . addslashes($this->search) . '"';
$args[] = $this->treeHash;
$args[] = escapeshellarg($this->search);
$args[] = escapeshellarg($this->treeHash);

$lines = explode("\n", $this->exe->Execute($this->project->GetPath(), GIT_GREP, $args));

Expand Down
4 changes: 2 additions & 2 deletions include/git/TreeDiff.class.php
Expand Up @@ -121,9 +121,9 @@ private function ReadData()
if (empty($this->fromHash))
$args[] = '--root';
else
$args[] = $this->fromHash;
$args[] = escapeshellarg($this->fromHash);

$args[] = $this->toHash;
$args[] = escapeshellarg($this->toHash);

$diffTreeLines = explode("\n", $this->exe->Execute($this->GetProject()->GetPath(), GIT_DIFF_TREE, $args));
foreach ($diffTreeLines as $line) {
Expand Down
2 changes: 1 addition & 1 deletion include/git/blob/BlobLoad_Base.class.php
Expand Up @@ -42,7 +42,7 @@ protected function LoadSize($blob)

$args = array();
$args[] = '-s';
$args[] = $blob->GetHash();
$args[] = escapeshellarg($blob->GetHash());

return $this->exe->Execute($blob->GetProject()->GetPath(), GIT_CAT_FILE, $args);
}
Expand Down
2 changes: 1 addition & 1 deletion include/git/commit/CommitLoad_Base.class.php
Expand Up @@ -42,7 +42,7 @@ public function LoadContainingTag($commit)

$args = array();
$args[] = '--tags';
$args[] = $commit->GetHash();
$args[] = escapeshellarg($commit->GetHash());
$revs = explode("\n", $this->exe->Execute($commit->GetProject()->GetPath(), GIT_NAME_REV, $args));

foreach ($revs as $revline) {
Expand Down
4 changes: 2 additions & 2 deletions include/git/project/ProjectLoad_Git.class.php
Expand Up @@ -89,7 +89,7 @@ public function ExpandHash($project, $abbrevHash)
$args = array();
$args[] = '-1';
$args[] = '--format=format:%H';
$args[] = $abbrevHash;
$args[] = escapeshellarg($abbrevHash);

$fullData = explode("\n", $this->exe->Execute($project->GetPath(), GIT_REV_LIST, $args));
if (empty($fullData[0])) {
Expand Down Expand Up @@ -125,7 +125,7 @@ public function AbbreviateHash($project, $hash)
$args = array();
$args[] = '-1';
$args[] = '--format=format:%h';
$args[] = $hash;
$args[] = escapeshellarg($hash);

$abbrevData = explode("\n", $this->exe->Execute($project->GetPath(), GIT_REV_LIST, $args));
if (empty($abbrevData[0])) {
Expand Down
10 changes: 5 additions & 5 deletions include/git/reflist/RefListLoad_Git.class.php
Expand Up @@ -45,7 +45,7 @@ protected function GetRefs($refList, $type)
return;

$args = array();
$args[] = '--' . $type;
$args[] = '--' . escapeshellarg($type);
$args[] = '--dereference';
$ret = $this->exe->Execute($refList->GetProject()->GetPath(), GIT_SHOW_REF, $args);

Expand Down Expand Up @@ -86,17 +86,17 @@ protected function GetOrderedRefs($refList, $type, $order, $count = 0, $skip = 0
return null;

$args = array();
$args[] = '--sort=' . $order;
$args[] = '--sort=' . escapeshellarg($order);
$args[] = '--format="%(refname)"';
if ($count > 0) {
if ($skip > 0) {
$args[] = '--count=' . ($count + $skip);
$args[] = '--count=' . escapeshellarg($count + $skip);
} else {
$args[] = '--count=' . $count;
$args[] = '--count=' . escapeshellarg($count);
}
}
$args[] = '--';
$args[] = 'refs/' . $type;
$args[] = escapeshellarg('refs/' . $type);
$ret = $this->exe->Execute($refList->GetProject()->GetPath(), GIT_FOR_EACH_REF, $args);

$lines = explode("\n", $ret);
Expand Down
6 changes: 3 additions & 3 deletions include/git/revlist/RevList_Git.class.php
Expand Up @@ -52,14 +52,14 @@ public function RevList($project, $hash, $count, $skip = 0, $args = array())

if ($canSkip) {
if ($count > 0) {
$extraargs[] = '--max-count=' . $count;
$extraargs[] = '--max-count=' . escapeshellarg($count);
}
if ($skip > 0) {
$extraargs[] = '--skip=' . $skip;
$extraargs[] = '--skip=' . escapeshellarg($skip);
}
} else {
if ($count > 0) {
$extraargs[] = '--max-count=' . ($count + $skip);
$extraargs[] = '--max-count=' . escapeshellarg($count + $skip);
}
}

Expand Down
2 changes: 1 addition & 1 deletion include/git/tag/TagLoad_Git.class.php
Expand Up @@ -112,7 +112,7 @@ public function Load($tag)
case 'tag':
$args = array();
$args[] = 'tag';
$args[] = $objectHash;
$args[] = escapeshellarg($objectHash);
$ret = $this->exe->Execute($tag->GetProject()->GetPath(), GIT_CAT_FILE, $args);
$lines = explode("\n", $ret);
foreach ($lines as $i => $line) {
Expand Down
2 changes: 1 addition & 1 deletion include/git/tree/TreeLoad_Base.class.php
Expand Up @@ -47,7 +47,7 @@ public function LoadHashPaths($tree)
$args[] = '--full-name';
$args[] = '-r';
$args[] = '-t';
$args[] = $tree->GetHash();
$args[] = escapeshellarg($tree->GetHash());

$lines = explode("\n", $this->exe->Execute($tree->GetProject()->GetPath(), GIT_LS_TREE, $args));

Expand Down
2 changes: 1 addition & 1 deletion include/git/tree/TreeLoad_Git.class.php
Expand Up @@ -29,7 +29,7 @@ public function Load($tree)
if ($this->exe->CanShowSizeInTree())
$args[] = '-l';
$args[] = '-t';
$args[] = $tree->GetHash();
$args[] = escapeshellarg($tree->GetHash());

$lines = explode("\n", $this->exe->Execute($tree->GetProject()->GetPath(), GIT_LS_TREE, $args));

Expand Down

0 comments on commit 1606217

Please sign in to comment.