From: Mirco 'meebey' Bauer Date: Sat Jun 12 13:29:52 2004 Subject: cvs: pearbot /modules pearcmds.php
meebey Sat Jun 12 15:29:52 2004 EDT
Modified files:
/pearbot/modules pearcmds.php
Log:
- added security for shell commands (big thanks to Cipriano Groenendal)
http://cvs.php.net/diff.php/pearbot/modules/pearcmds.php?r1=1.8&r2=1.9&ty=u
Index: pearbot/modules/pearcmds.php
diff -u pearbot/modules/pearcmds.php:1.8 pearbot/modules/pearcmds.php:1.9
--- pearbot/modules/pearcmds.php:1.8 Sat Jul 26 09:06:18 2003
+++ pearbot/modules/pearcmds.php Sat Jun 12 15:29:51 2004
@@ -1,9 +1,9 @@
<?php
/**
- * $Id: pearcmds.php,v 1.8 2003/07/26 13:06:18 meebey Exp $
- * $Revision: 1.8 $
+ * $Id: pearcmds.php,v 1.9 2004/06/12 19:29:51 meebey Exp $
+ * $Revision: 1.9 $
* $Author: meebey $
- * $Date: 2003/07/26 13:06:18 $
+ * $Date: 2004/06/12 19:29:51 $
*
* Copyright (c) 2003 Nicolas CHAILLAN <nicos@php.net>
*/
@@ -46,14 +46,12 @@
}
$print = $this->pear_info($data->messageex[2]);
break;
-
case 'list':
case 'lists':
case 'list-all':
case 'remote-list':
$print = $this->pear_listing();
break;
-
case 'search':
case 'find':
if (!isset($data->messageex[2]) || empty($data->messageex[2])) {
@@ -62,7 +60,6 @@
}
$print = $this->pear_search($data->messageex[2]);
break;
-
case 'help':
default:
$print = $this->pear_help();
@@ -77,7 +74,7 @@
function pear_info($package)
{
- exec($this->pear_binary.' remote-info '.$package, $buf);
+ exec($this->pear_binary.' remote-info '.escapeshellarg($package), $buf);
$buf = implode("\n", $buf);
$buf = "Here is the information for $package:\n".$buf;
return $buf;
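Review bot: `escapeshellarg($package)` stops shell metacharacters, but a value beginning with `-` still reaches the pear binary as one argument, which it may parse as an option rather than a package name. `$package` comes from `$data->messageex[2]` in the dispatcher hunk above, which looks like text supplied by whoever is talking to the bot, so a guard before the `exec()` call is worth adding, e.g. `if ($package === '' || $package[0] === '-') { return 'Invalid package name.'; }`. The same applies to `$search_for` in the `pear_search` hunk below. The exit status of `exec()` is also never checked in either function, so a failed run returns only the header line with no indication of the error. Both function bodies continue outside their hunks.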
@@ -93,7 +90,7 @@
function pear_search($search_for)
{
- exec($this->pear_binary.' search '.$search_for, $buf);
+ exec($this->pear_binary.' search '.escapeshellarg($search_for), $buf);
$buf = implode("\n", $buf);
$buf = "Here are the PEAR packages that match ".$search_for.":\n".$buf;
return $buf;