Resolving CVE-2013-0232 - this should fix #93.

This commit is contained in:
Kyle Johnson 2013-08-30 21:53:19 -04:00
parent c9dce2363b
commit 2f92689d7e
1 changed files with 3 additions and 2 deletions

View File

@ -905,7 +905,7 @@ function fixDevices()
function packageControl( $command )
{
$string = ZM_PATH_BIN."/zmpkg.pl $command";
$string = ZM_PATH_BIN.'/zmpkg.pl '.escapeshellarg( $command );
$string .= " 2>/dev/null >&- <&- >/dev/null";
exec( $string );
}
@ -2145,7 +2145,8 @@ function setDeviceStatusX10( $key, $status )
else
{
// Can't connect so use script
$command = ZM_PATH_BIN."/zmx10.pl --command $status --unit-code $key";
$command = ZM_PATH_BIN.'/zmx10.pl --command '.escapeshellarg( $status );
$command .= ' --unit-code '.escapeshellarg( $key );
//$command .= " 2>/dev/null >&- <&- >/dev/null";
$x10Response = exec( $command );
}