Resolving CVE-2013-0232 - this should fix #93.

Kyle Johnson 2013-08-30 21:53:19 -04:00
parent c9dce2363b
commit 2f92689d7e
1 changed files with 3 additions and 2 deletions


@ -905,7 +905,7 @@ function fixDevices()
function packageControl( $command ) function packageControl( $command )
{ {
$string = ZM_PATH_BIN."/zmpkg.pl $command"; $string = ZM_PATH_BIN.'/zmpkg.pl '.escapeshellarg( $command );
$string .= " 2>/dev/null >&- <&- >/dev/null"; $string .= " 2>/dev/null >&- <&- >/dev/null";
exec( $string ); exec( $string );
} }
@ -2145,7 +2145,8 @@ function setDeviceStatusX10( $key, $status )
else else
{ {
// Can't connect so use script // Can't connect so use script
$command = ZM_PATH_BIN."/zmx10.pl --command $status --unit-code $key"; $command = ZM_PATH_BIN.'/zmx10.pl --command '.escapeshellarg( $status );
$command .= ' --unit-code '.escapeshellarg( $key );
//$command .= " 2>/dev/null >&- <&- >/dev/null"; //$command .= " 2>/dev/null >&- <&- >/dev/null";
$x10Response = exec( $command ); $x10Response = exec( $command );
} }
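Review bot: In packageControl(), `escapeshellarg( $command )` closes the shell injection but still passes whatever string the caller supplies to zmpkg.pl as its argument, so validation of the value itself is missing. Quoting does not stop a value that begins with `-` from being read as an option by the script, and nothing here limits `$command` to the commands the script is meant to accept. I would reject unexpected input before building `$string`, for example `if ( !preg_match( '/^[A-Za-z0-9][\w.-]*$/', $command ) ) return;`, tightened to whatever names zmpkg.pl actually accepts (they are not visible on this page). The same check is worth adding for `$status` and `$key` in setDeviceStatusX10(), whose body starts outside the hunk.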