Use escapeshellarg() on the query string passed to shell_exec(), to make sure it's treated safely as a single argument.
shesek committed Oct 23, 2011
1 parent cd13c31 commit 947a06e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion web/show.php
@@ -29,7 +29,7 @@
echo "\n<p>".str_replace("\n\n","</p>\n\n<p>",$ticket[1])."</p>\n";

// XXX support threaded comments
$comments = explode("\n",shell_exec("cd '".REPOSITORY_PATH."/.tickets'; git ticket list comments '".basename($_SERVER['QUERY_STRING'])."'"));
$comments = explode("\n",shell_exec("cd '".REPOSITORY_PATH."/.tickets'; git ticket list comments '".escapeshellarg(basename($_SERVER['QUERY_STRING']))."'"));
if(count($comments)) {
echo "\n<ul>\n";
foreach($comments as $comment) {
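Review bot: escapeshellarg() already wraps its result in single quotes, so the literal quotes kept around the call on the changed line double-quote the argument: `'".escapeshellarg(basename($_SERVER['QUERY_STRING']))."'` expands to `''<value>''`, which the shell reads as two empty strings around an unquoted value, so a ticket id containing whitespace or shell metacharacters is still split or interpreted rather than passed as one argument. Drop the surrounding single quotes and let escapeshellarg() supply the quoting, e.g. `git ticket list comments ".escapeshellarg(basename($_SERVER['QUERY_STRING']))`. The same interpolation pattern is used for REPOSITORY_PATH in the `cd '...'` prefix; that is only safe while the constant is guaranteed to contain no single quote, so it is worth escaping it the same way for consistency.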

1 comment on commit 947a06e

@singpolyma

Good call, but doesn't escapeshellarg add the single-quotes? So you should get rid of those when you add it.