mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-01-19 16:10:17 -06:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Plug Security Hole In Docker Template PostArgs"

Browse Source
This commit is contained in:
tom mortensen
2018-03-16 22:37:29 -07:00
committed by GitHub
parent bb1fa3a435
commit 5052f82177
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/dynamix.docker.manager/include/CreateDocker.php
View File

@@ -422,7 +422,6 @@ function xmlToCommand($xml, $create_paths=false) {
$Devices[] = escapeshellarg($hostConfig);
}
}
$postArgs = explode(";",$xml['PostArgs']);
$cmd = sprintf($docroot.'/plugins/dynamix.docker.manager/scripts/docker create %s %s %s %s %s %s %s %s %s %s %s',
$cmdName,
$cmdNetwork,
@@ -434,7 +433,7 @@ function xmlToCommand($xml, $create_paths=false) {
implode(' --device=', $Devices),
$xml['ExtraParams'],
escapeshellarg($xml['Repository']),
$postArgs[0]);
$xml['PostArgs']);
$cmd = trim(preg_replace('/\s+/', ' ', $cmd));
return [$cmd, $xml['Name'], $xml['Repository']];
@@ -442,7 +441,7 @@ function xmlToCommand($xml, $create_paths=false) {
function execCommand($command) {
// $command should have all its args already properly run through 'escapeshellarg'
$descriptorspec = [
0 => ["pipe", "r"], // stdin is a pipe that the child will read from
1 => ["pipe", "w"], // stdout is a pipe that the child will write to