Skip to content

Commit 9b0e452

Browse files
committed
[Fix]OS Command Injection via file upload. #21
1 parent 72568a3 commit 9b0e452

File tree

2 files changed

+4
-3
lines changed

2 files changed

+4
-3
lines changed

Diff for: cms/common/action/site/Entry/SearchAction.class.php

+2-1
Original file line numberDiff line numberDiff line change
@@ -58,10 +58,11 @@ private function searchEntries(string $freewordText, array $label, array $cdate,
5858
foreach(array("title","content","more") as $column){
5959
$freeword = array();
6060
foreach($keywords as $keyword){
61+
$keyword = trim($keyword);
6162

6263
$bind_key = ':freeword'.$keywordCounts;
6364

64-
if($keyword[0] == "-"){
65+
if(strlen($keyword) >= 1 && $keyword[0] == "-"){
6566
$keyword = substr($keyword,1);
6667
$freeword[] = 'Entry.'.$column." not like ".$bind_key."";
6768
}else{

Diff for: cms/common/action/site/Entry/UploadFileAction.class.php

+2-2
Original file line numberDiff line numberDiff line change
@@ -163,8 +163,8 @@ function execute($resp, $form, $req) {
163163
switch($ext){
164164
case "jpeg":
165165
exec("jpegoptim -V", $out);
166-
if(isset($out) && count($out)){
167-
exec("jpegoptim --strip-all " . $filepath);
166+
if(is_array($out) && count($out)){
167+
exec("jpegoptim --strip-all " . escapeshellarg($filepath));
168168
}
169169
break;
170170
}

0 commit comments

Comments
 (0)