Merge pull request #2948 from kstolp/fix-detaint-update-script
Detaint mysql commands in update script
This commit is contained in:
commit
51adf56130
|
@ -399,6 +399,7 @@ if ( $version ) {
|
|||
$command .= " --add-drop-table --databases ".$Config{ZM_DB_NAME}." > ".$backup;
|
||||
print( "Creating backup to $backup. This may take several minutes.\n" );
|
||||
print( "Executing '$command'\n" ) if ( logDebugging() );
|
||||
($command) = $command =~ /(.*)/; # detaint
|
||||
my $output = qx($command);
|
||||
my $status = $? >> 8;
|
||||
if ( $status || logDebugging() ) {
|
||||
|
@ -993,6 +994,7 @@ sub patchDB {
|
|||
$command .= '/zm_update-'.$version.'.sql';
|
||||
|
||||
print("Executing '$command'\n") if logDebugging();
|
||||
($command) = $command =~ /(.*)/; # detaint
|
||||
my $output = qx($command);
|
||||
my $status = $? >> 8;
|
||||
if ( $status || logDebugging() ) {
|
||||
|
|
Loading…
Reference in New Issue