mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-04-29 14:29:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Escape shell arg to remove potential malicious injection

Browse Source
This commit is contained in:
Rob Vella
2020-01-06 17:10:50 -08:00
parent b32f2f0da5
commit 7108f4ed3b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/dynamix/include/local_prepend.php
+1 -1
View File
@@ -15,7 +15,7 @@
* auto_prepend_file="/usr/local/emhttp/webGui/include/local_prepend.php"
*/
function csrf_terminate($reason) {
shell_exec("logger error: {$_SERVER['REQUEST_URI']}: $reason csrf_token");
shell_exec("logger error: " . escapeshellarg($_SERVER['REQUEST_URI']) . ": $reason csrf_token");
exit;
}
putenv('PATH=.:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin');