diff --git a/web/includes/functions.php b/web/includes/functions.php index 17fa04105..3b37aaddb 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -905,7 +905,7 @@ function fixDevices() function packageControl( $command ) { - $string = ZM_PATH_BIN."/zmpkg.pl $command"; + $string = ZM_PATH_BIN.'/zmpkg.pl '.escapeshellarg( $command ); $string .= " 2>/dev/null >&- <&- >/dev/null"; exec( $string ); } @@ -2145,7 +2145,8 @@ function setDeviceStatusX10( $key, $status ) else { // Can't connect so use script - $command = ZM_PATH_BIN."/zmx10.pl --command $status --unit-code $key"; + $command = ZM_PATH_BIN.'/zmx10.pl --command '.escapeshellarg( $status ); + $command .= ' --unit-code '.escapeshellarg( $key ); //$command .= " 2>/dev/null >&- <&- >/dev/null"; $x10Response = exec( $command ); }