Merge pull request #2948 from kstolp/fix-detaint-update-script

Detaint mysql commands in update script
Isaac Connor 2020-06-02 09:02:50 -04:00 committed by GitHub
commit 51adf56130
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions


@ -399,6 +399,7 @@ if ( $version ) {
$command .= " --add-drop-table --databases ".$Config{ZM_DB_NAME}." > ".$backup; $command .= " --add-drop-table --databases ".$Config{ZM_DB_NAME}." > ".$backup;
print( "Creating backup to $backup. This may take several minutes.\n" ); print( "Creating backup to $backup. This may take several minutes.\n" );
print( "Executing '$command'\n" ) if ( logDebugging() ); print( "Executing '$command'\n" ) if ( logDebugging() );
($command) = $command =~ /(.*)/; # detaint
my $output = qx($command); my $output = qx($command);
my $status = $? >> 8; my $status = $? >> 8;
if ( $status || logDebugging() ) { if ( $status || logDebugging() ) {
@ -993,6 +994,7 @@ sub patchDB {
$command .= '/zm_update-'.$version.'.sql'; $command .= '/zm_update-'.$version.'.sql';
print("Executing '$command'\n") if logDebugging(); print("Executing '$command'\n") if logDebugging();
($command) = $command =~ /(.*)/; # detaint
my $output = qx($command); my $output = qx($command);
my $status = $? >> 8; my $status = $? >> 8;
if ( $status || logDebugging() ) { if ( $status || logDebugging() ) {
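Review bot: The capture `/(.*)/` on both added detaint lines (before the backup `qx` and before the `qx` in patchDB) accepts any string, so it clears the taint flag without checking anything, and the command still reaches the shell as one concatenated string. The pieces that are interpolated into it (`$Config{ZM_DB_NAME}`, `$backup`, `$version`) would be better validated one by one with anchored patterns before they are appended, for example `my ($db_name) = $Config{ZM_DB_NAME} =~ /\A([\w-]+)\z/ or die "Invalid ZM_DB_NAME\n";`, with the allowed character set confirmed against what the installation permits. Also, `.` without `/s` stops at the first newline, so a command containing one is silently truncated rather than rejected. Both enclosing blocks start and end outside the visible hunks, so where these values originate cannot be confirmed from here.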