Merge pull request #1780 from connortechnology/fix_1775

use escapeshellarg on inputs to daemonControl and other functions
This commit is contained in:
Andrew Bauer 2017-03-16 09:27:04 -05:00 committed by GitHub
commit 7e0ac4b239
1 changed files with 5 additions and 5 deletions

View File

@ -832,9 +832,9 @@ function packageControl( $command ) {
function daemonControl( $command, $daemon=false, $args=false ) {
$string = ZM_PATH_BIN."/zmdc.pl $command";
if ( $daemon ) {
$string .= " $daemon";
$string .= escapeshellarg(" $daemon");
if ( $args ) {
$string .= " $args";
$string .= escapeshellarg(" $args");
}
}
$string .= " 2>/dev/null >&- <&- >/dev/null";
@ -944,9 +944,9 @@ function zmaStatus( $monitor ) {
function daemonCheck( $daemon=false, $args=false ) {
$string = ZM_PATH_BIN."/zmdc.pl check";
if ( $daemon ) {
$string .= " $daemon";
$string .= escapeshellarg(" $daemon");
if ( $args )
$string .= " $args";
$string .= escapeshellarg(" $args");
}
$result = exec( $string );
return( preg_match( '/running/', $result ) );
@ -1450,7 +1450,7 @@ function getDiskPercent($path = ZM_DIR_EVENTS) {
}
function getDiskBlocks() {
$df = shell_exec( 'df '.ZM_DIR_EVENTS );
$df = shell_exec( 'df '.escapeshellarg(ZM_DIR_EVENTS) );
$space = -1;
if ( preg_match( '/\s(\d+)\s+\d+\s+\d+%/ms', $df, $matches ) )
$space = $matches[1];