Permalink
Browse files

fixing security hole. reference : http://moodle.org/mod/forum/discuss…

  • Loading branch information...
1 parent 33dfd09 commit 6e7e89849ab3994c735a39ae015d6c80e6f3e93f diml committed Dec 5, 2007
Showing with 2 additions and 2 deletions.
  1. +1 −1 search/documents/physical_doc.php
  2. +1 −1 search/documents/physical_pdf.php
@@ -24,7 +24,7 @@ function get_text_for_indexing_doc(&$resource){
mtrace('Error with MSWord to text converter command : exectuable not found.');
}
else{
- $file = $CFG->dataroot.'/'.$resource->course.'/'.$resource->reference;
+ $file = escapeshellarg($CFG->dataroot.'/'.$resource->course.'/'.$resource->reference);
$text_converter_cmd = "{$CFG->dirroot}/{$CFG->block_search_word_to_text_cmd} $file";
if ($CFG->block_search_word_to_text_env){
putenv($CFG->block_search_word_to_text_env);
@@ -21,7 +21,7 @@ function get_text_for_indexing_pdf(&$resource){
mtrace('Error with pdf to text converter command : exectuable not found.');
}
else{
- $file = $CFG->dataroot.'/'.$resource->course.'/'.$resource->reference;
+ $file = escapeshellarg($CFG->dataroot.'/'.$resource->course.'/'.$resource->reference);
$text_converter_cmd = "{$CFG->dirroot}/{$CFG->block_search_pdf_to_text_cmd} $file -";
$result = shell_exec($text_converter_cmd);
if ($result){

0 comments on commit 6e7e898

Please sign in to comment.