Merge pull request #142 from ams-tschoening/search_shell_injection

Prevent shell injection in search.

include/svnlook.php

@@ -862,7 +862,7 @@ function listFileContents($path, $rev = 0, $peg = '') {
 	}
 
 	// }}}
-	
+
 	// {{{ listReadmeContents
 	//
 	// Parse the README.md file
@@ -895,7 +895,7 @@ function listReadmeContents($path, $rev = 0, $peg = '') {
 		}
 
 		echo('<div id="wrap">');
-		while (!feof($result)) 
+		while (!feof($result))
 		{
 			$line = fgets($result, 1024);
 			echo $mdParser->text($line);
@@ -1112,19 +1112,18 @@ function getList($path, $rev = 0, $peg = '') {
 
 	// {{{ getListSearch
 
-	function getListSearch($path,$searchstring='', $rev = 0, $peg = '') {
+	function getListSearch($path, $term = '', $rev = 0, $peg = '') {
 		global $config, $curList;
 
-		// Since directories returned by svn log don't have trailing slashes (:-(), we need to remove
-		// the trailing slash from the path for comparison purposes
-
-		if ($path[strlen($path) - 1] == '/' && $path != '/') {
+		// Since directories returned by "svn log" don't have trailing slashes (:-(), we need to
+		// remove the trailing slash from the path for comparison purposes.
+		if (($path[strlen($path) - 1] == '/') && ($path != '/')) {
 			$path = substr($path, 0, -1);
 		}
 
-		$curList = new SVNList;
-		$curList->entries = array();
-		$curList->path = $path;
+		$curList			= new SVNList;
+		$curList->entries	= array();
+		$curList->path		= $path;
 
 		// Get the list info
 
@@ -1134,7 +1133,9 @@ function getListSearch($path,$searchstring='', $rev = 0, $peg = '') {
 				$rev = $headlog->entries[0]->rev;
 		}
 
-		$cmd = $this->svnCommandString('list -R --search '. '"'.$searchstring.'"'.' --xml', $path, $rev, $peg);
+		$term	= escapeshellarg($term);
+		$cmd	= 'list -R --search ' . $term . ' --xml';
+		$cmd	= $this->svnCommandString($cmd, $path, $rev, $peg);
 		$this->_xmlParseCmdOutput($cmd, 'listStartElement', 'listEndElement', 'listCharacterData');
 
 		return $curList;