mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-03-14 15:01:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #569 from deftx/master

Browse Source 
Escape shell arg to remove potential malicious injection
This commit is contained in:
tom mortensen
2020-01-06 17:29:22 -08:00
committed by GitHub
parent b32f2f0da5 7108f4ed3b
commit 562c21865d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/dynamix/include/local_prepend.php
View File

@@ -15,7 +15,7 @@
* auto_prepend_file="/usr/local/emhttp/webGui/include/local_prepend.php"
*/
function csrf_terminate($reason) {
shell_exec("logger error: {$_SERVER['REQUEST_URI']}: $reason csrf_token");
shell_exec("logger error: " . escapeshellarg($_SERVER['REQUEST_URI']) . ": $reason csrf_token");
exit;
}
putenv('PATH=.:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin');