mirror_html/h5ai
1
0
Fork 0
mirror of https://github.com/lrsjng/h5ai.git synced 2025-03-24 14:30:03 +01:00
Code Issues Projects Releases Wiki Activity

Escapes shell arguments. See issue .

Browse Source
This commit is contained in:
Lars Jung 2013-08-24 23:22:34 +02:00
parent 4cf5b13d06
commit 1f9365ae97
2 changed files with 5 additions and 5 deletions
src/_h5ai/server/php/inc
Archive.phpItem.php

6
src/_h5ai/server/php/inc/Archive.php

@ -44,9 +44,9 @@ class Archive {
private function shell_cmd($cmd) {
$cmd = str_replace("[ROOTDIR]", "\"" . $this->app->get_abs_path() . "\"", $cmd);
$cmd = str_replace("[DIRS]", count($this->dirs) ? "\"" . implode("\" \"", array_values($this->dirs)) . "\"" : "", $cmd);
$cmd = str_replace("[FILES]", count($this->files) ? "\"" . implode("\" \"", array_values($this->files)) . "\"" : "", $cmd);
$cmd = str_replace("[ROOTDIR]", escapeshellarg($this->app->get_abs_path()), $cmd);
$cmd = str_replace("[DIRS]", count($this->dirs) ? implode(" ", array_map("escapeshellarg", $this->dirs)) : "", $cmd);
$cmd = str_replace("[FILES]", count($this->files) ? implode(" ", array_map("escapeshellarg", $this->files)) : "", $cmd);
try {
passthru($cmd);
} catch (Exeption $err) {

4
src/_h5ai/server/php/inc/Item.php

@ -2,7 +2,7 @@
class Item {
private static $FOLDER_SIZE_CMD = "du -sk \"[DIR]\"";
private static $FOLDER_SIZE_CMD = "du -sk [DIR]";
public static function cmp($item1, $item2) {
@ -57,7 +57,7 @@ class Item {
$this->size = null;
$options = $app->get_options();
if ($options["foldersize"]["enabled"]) {
$cmd = str_replace("[DIR]", $this->abs_path, Item::$FOLDER_SIZE_CMD);
$cmd = str_replace("[DIR]", escapeshellarg($this->abs_path), Item::$FOLDER_SIZE_CMD);
$this->size = intval(preg_replace("/\s.*$/", "", `$cmd`), 10) * 1024;
}
} else {