Resolving CVE-2013-0232 - this should fix #93.
This commit is contained in:
parent
c9dce2363b
commit
2f92689d7e
|
@ -905,7 +905,7 @@ function fixDevices()
|
|||
|
||||
function packageControl( $command )
|
||||
{
|
||||
$string = ZM_PATH_BIN."/zmpkg.pl $command";
|
||||
$string = ZM_PATH_BIN.'/zmpkg.pl '.escapeshellarg( $command );
|
||||
$string .= " 2>/dev/null >&- <&- >/dev/null";
|
||||
exec( $string );
|
||||
}
|
||||
|
@ -2145,7 +2145,8 @@ function setDeviceStatusX10( $key, $status )
|
|||
else
|
||||
{
|
||||
// Can't connect so use script
|
||||
$command = ZM_PATH_BIN."/zmx10.pl --command $status --unit-code $key";
|
||||
$command = ZM_PATH_BIN.'/zmx10.pl --command '.escapeshellarg( $status );
|
||||
$command .= ' --unit-code '.escapeshellarg( $key );
|
||||
//$command .= " 2>/dev/null >&- <&- >/dev/null";
|
||||
$x10Response = exec( $command );
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue