Permalink
Browse files

Bug #19776 - escape arguments to prevent injection

  • Loading branch information...
mrook committed Jan 19, 2013
1 parent 4189ba7 commit cfbec8bd1963a2e36424764a6672fde6736f5440
Showing with 1 addition and 1 deletion.
  1. +1 −1 SVN/Command.php
View
@@ -303,7 +303,7 @@ public function prepare()
$switchPrefix = '--';
}
if (in_array($switch, $this->validSwitchesValue)) {
- $cmdParts[] = $switchPrefix . $switch . ' ' . $val;
+ $cmdParts[] = $switchPrefix . $switch . ' ' . escapeshellarg($val);
} elseif (in_array($switch, $this->validSwitches)) {
if (true === $val) {
$cmdParts[] = $switchPrefix . $switch;

0 comments on commit cfbec8b

Please sign in to comment.