Skip to content

Commit 1df4af0

Browse files
author
Daniel Neto
committed
Authenticated Remote Code Execution fix
1 parent 89507b8 commit 1df4af0

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

Diff for: plugin/CloneSite/cloneClient.json.php

+1
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,7 @@
9494
$json->sqlFile = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i', '', $json->sqlFile));
9595
$json->videoFiles = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i', '', $json->videoFiles));
9696
$json->photoFiles = escapeshellarg(preg_replace('/[^a-z0-9_.-]/i', '', $json->photoFiles));
97+
$objClone->cloneSiteURL = escapeshellarg($objClone->cloneSiteURL);
9798

9899
// get dump file
99100
$cmd = "wget -O {$clonesDir}{$json->sqlFile} {$objClone->cloneSiteURL}videos/cache/clones/{$json->sqlFile}";

0 commit comments

Comments
 (0)