Plug Security Hole In Docker Template PostArgs

Hole allows arbitrary execution of bash commands on host

plugins/dynamix.docker.manager/include/CreateDocker.php

@@ -441,7 +441,9 @@ function xmlToCommand($xml, $create_paths=false) {
 
 function execCommand($command) {
   // $command should have all its args already properly run through 'escapeshellarg'
-
+  $cmdTmp = explode(";",$command);
+  $command = $cmdTmp[0];
+  
   $descriptorspec = [
     0 => ["pipe", "r"],   // stdin is a pipe that the child will read from
     1 => ["pipe", "w"],   // stdout is a pipe that the child will write to