This repository has been archived by the owner on Nov 25, 2020. It is now read-only.
Call escapeshellarg where missing
cdujeu committed Jun 24, 2013
1 parent d9aebff commit 22a6284
Showing 3 changed files with 6 additions and 6 deletions.
6 changes: 3 additions & 3 deletions core/src/plugins/access.fs/class.fsAccessWrapper.php
Expand Up @@ -439,18 +439,18 @@ public static function getLastRealSize(){

protected function getTrueSizeOnFileSystem($file) {
if (!(strtoupper(substr(PHP_OS, 0, 3)) == 'WIN')){
$cmd = "stat -L -c%s \"".$file."\"";
$cmd = "stat -L -c%s \"".escapeshellarg($file)."\"";
$val = trim(`$cmd`);
if (strlen($val) == 0 || floatval($val) == 0)
{
// No stat on system
$cmd = "ls -1s --block-size=1 \"".$file."\"";
$cmd = "ls -1s --block-size=1 ".escapeshellarg($file);
$val = trim(`$cmd`);
}
if (strlen($val) == 0 || floatval($val) == 0)
{
// No block-size on system (probably busybox), try long output
$cmd = "ls -l \"".$file."\"";
$cmd = "ls -l ".escapeshellarg($file)."";

$arr = explode("/[\s]+/", `$cmd`);
$val = trim($arr[4]);
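Review bot: The new `stat` line still wraps the escaped value in double quotes (`"stat -L -c%s \"".escapeshellarg($file)."\""`), which defeats the escaping. Inside double quotes the shell still performs command substitution and variable expansion, and the single quotes added by escapeshellarg become literal characters of the name, so `stat` will not find the file and the code always falls through to `ls`. It should be built like the two `ls` lines below it: `$cmd = "stat -L -c%s ".escapeshellarg($file);`. Where the tools accept it, a `--` before the operand on all three commands would also keep a name beginning with `-` from being read as an option. getTrueSizeOnFileSystem continues past the end of the hunk.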
Expand Up @@ -146,7 +146,7 @@ function switchAction($action, $httpVars, $fileVars){
$archiveName = AJXP_Utils::getAjxpTmpDir()."/".$httpVars["ope_id"]."_".$archiveName;
}
chdir($rootDir);
$cmd = "zip -r \"".$archiveName."\" ".implode(" ", $args);
$cmd = "zip -r ".escapeshellarg($archiveName)." ".implode(" ", $args);
$fsDriver = AJXP_PluginsService::getInstance()->getUniqueActivePluginForType("access");
$c = $fsDriver->getConfigs();
if(!isSet($c["SHOW_HIDDEN_FILES"]) || $c["SHOW_HIDDEN_FILES"] == false){
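Review bot: `$httpVars["ope_id"]` is concatenated into the archive path at the top of this hunk, and escapeshellarg on the `zip` line only neutralises shell metacharacters, not `../` segments. If that value is request-supplied, the archive can still be written outside the temporary directory. Restricting it before use, for example with `basename($httpVars["ope_id"])` or an alphanumeric allow-list check, would close that. The `implode(" ", $args)` on the same `zip` line is still appended raw; `$args` is built outside this hunk, so confirm each element is passed through escapeshellarg there. switchAction starts and ends outside the hunk, and the page does not show this file's header.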
4 changes: 2 additions & 2 deletions core/src/plugins/meta.svn/class.SvnManager.php
Expand Up @@ -193,7 +193,7 @@ public function switchAction($actionName, $httpVars, $filesVars){
exit(0);
}else if($actionName == "revert_file"){

$revision = $httpVars["revision"];
$revision = escapeshellarg($httpVars["revision"]);
$realFile = $init["SELECTION"][0];
$compare = (isSet($httpVars["compare"]) && $httpVars["compare"] == "true");
$escapedFile = escapeshellarg($realFile);
Expand All @@ -207,7 +207,7 @@ public function switchAction($actionName, $httpVars, $filesVars){
}

}else if($actionName == "svnswitch"){
$revision = $httpVars["revision"];
$revision = escapeshellarg($httpVars["revision"]);
ExecSvnCmd("svn update -r$revision ".$init["DIR"]);
}
}
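Review bot: In the `svnswitch` branch `$init["DIR"]` is still appended to the command unescaped (`"svn update -r$revision ".$init["DIR"]`), while the `revert_file` branch escapes its path with `escapeshellarg($realFile)`. Where `$init["DIR"]` comes from is not visible here, but it should get the same treatment: `ExecSvnCmd("svn update -r$revision ".escapeshellarg($init["DIR"]));`. The revision would be better validated than quoted, for example by rejecting anything that is not all digits before building the command. As written, `$revision` carries literal quote characters into any later non-shell use in `revert_file`, and the rest of that branch is outside the hunk.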