chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Avoid wrapping commands in double quotes as escapeshellarg() does not escape them from args

Browse Source
pull/4909/head
Yannick Warnier 2 years ago
parent e864127a44
commit 841a07396f
3 changed files with 9 additions and 12 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      main/lp/openoffice_presentation.class.php
  2. 7
      main/lp/openoffice_text.class.php
  3. 7
      main/lp/openoffice_text_document.class.php

7
main/lp/openoffice_presentation.class.php
Unescape View File

@ -253,11 +253,10 @@ class OpenofficePresentation extends OpenofficeDocument
$this->slide_height = (int) $h; $this->slide_height = (int) $h;
} }
return ' -w '.$this->slide_width.' -h '.$this->slide_height.' -d oogie "' return ' -w '.$this->slide_width.' -h '.$this->slide_height.' -d oogie '
.Security::sanitizeExecParam($this->base_work_dir.'/'.$this->file_path) .Security::sanitizeExecParam($this->base_work_dir.'/'.$this->file_path)
.'" "' .' '
.Security::sanitizeExecParam($this->base_work_dir.$this->created_dir.'.html') .Security::sanitizeExecParam($this->base_work_dir.$this->created_dir.'.html');
.'"';
} }
public function set_slide_size($width, $height) public function set_slide_size($width, $height)

7
main/lp/openoffice_text.class.php
Unescape View File

@ -331,11 +331,10 @@ class OpenofficeText extends OpenofficeDocument
*/ */
public function add_command_parameters() public function add_command_parameters()
{ {
return ' -d woogie "' return ' -d woogie '
.Security::sanitizeExecParam($this->base_work_dir.'/'.$this->file_path) .Security::sanitizeExecParam($this->base_work_dir.'/'.$this->file_path)
.'" "' .' '
.Security::sanitizeExecParam($this->base_work_dir.$this->created_dir.'/'.$this->file_name.'.html') .Security::sanitizeExecParam($this->base_work_dir.$this->created_dir.'/'.$this->file_name.'.html');
.'"';
} }
/** /**

7
main/lp/openoffice_text_document.class.php
Unescape View File

@ -333,11 +333,10 @@ class OpenOfficeTextDocument extends OpenofficeDocument
*/ */
public function add_command_parameters() public function add_command_parameters()
{ {
return ' -d woogie "' return ' -d woogie '
.Security::sanitizeExecParam($this->base_work_dir.'/'.$this->file_path) .Security::sanitizeExecParam($this->base_work_dir.'/'.$this->file_path)
.'" "' .' '
.Security::sanitizeExecParam($this->base_work_dir.$this->created_dir.'/'.$this->file_name.'.html') .Security::sanitizeExecParam($this->base_work_dir.$this->created_dir.'/'.$this->file_name.'.html');
.'"';
} }
/** /**

Write Preview
Loading…
Cancel
Save