Use escapeshellarg() on the query string passed to shell_exec() #1

Merged
merged 2 commits into from Sep 27, 2014

Projects

None yet

2 participants

@shesek
shesek commented Oct 23, 2011

Use escapeshellarg() on the query string passed to shell_exec(), to make sure its treated safely as a single argument.

@shesek shesek Use `escapeshellarg()` on the query string passed to `shell_exec()`, …
…to make sure its treated safely as a single argument.
947a06e
@singpolyma
Owner

Good call, but doesn't escapeshellarg add the single-quotes? So you should get rid of those when you add it.

@shesek
shesek commented Oct 25, 2011

You're correct. Fixed.

@singpolyma singpolyma merged commit a8049b3 into singpolyma:master Sep 27, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment