Resolving CVE-2013-0232 - this should fix #93.
This commit is contained in:
parent
c9dce2363b
commit
2f92689d7e
|
@ -905,7 +905,7 @@ function fixDevices()
|
||||||
|
|
||||||
function packageControl( $command )
|
function packageControl( $command )
|
||||||
{
|
{
|
||||||
$string = ZM_PATH_BIN."/zmpkg.pl $command";
|
$string = ZM_PATH_BIN.'/zmpkg.pl '.escapeshellarg( $command );
|
||||||
$string .= " 2>/dev/null >&- <&- >/dev/null";
|
$string .= " 2>/dev/null >&- <&- >/dev/null";
|
||||||
exec( $string );
|
exec( $string );
|
||||||
}
|
}
|
||||||
|
@ -2145,7 +2145,8 @@ function setDeviceStatusX10( $key, $status )
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Can't connect so use script
|
// Can't connect so use script
|
||||||
$command = ZM_PATH_BIN."/zmx10.pl --command $status --unit-code $key";
|
$command = ZM_PATH_BIN.'/zmx10.pl --command '.escapeshellarg( $status );
|
||||||
|
$command .= ' --unit-code '.escapeshellarg( $key );
|
||||||
//$command .= " 2>/dev/null >&- <&- >/dev/null";
|
//$command .= " 2>/dev/null >&- <&- >/dev/null";
|
||||||
$x10Response = exec( $command );
|
$x10Response = exec( $command );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue