escapeshellarg document root for security reasons (fixes #3984)

Pascal Dreissen · Pascal Dreissen · commit e8dda462f3b0 · 2016-07-08T11:25:42.000+02:00
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
@@ -884,7 +884,7 @@ function update($event_name, $data) {
 			}
             
           // get the primitive folder for document_root and the filesystem, will need it later.
-          $df_output=explode(" ", exec("df -T " . $data['new']['document_root'] . "|awk 'END{print \$2,\$NF}'"));
+          $df_output=explode(" ", exec("df -T " . escapeshellarg($data['new']['document_root']) . "|awk 'END{print \$2,\$NF}'"));
           $file_system = $df_output[0];
           $primitive_root = $df_output[1];
 
diff --git a/server/plugins-available/cron_plugin.inc.php b/server/plugins-available/cron_plugin.inc.php
@@ -136,7 +136,7 @@ function update($event_name, $data) {
             }
 
             // get the primitive folder for document_root and the filesystem, will need it later.
-            $df_output=explode(" ", exec("df -T " . $parent_domain["document_root"] . "|awk 'END{print \$2,\$NF}'"));
+            $df_output=explode(" ", exec("df -T " . escapeshellarg($parent_domain["document_root"]) . "|awk 'END{print \$2,\$NF}'"));
             $file_system = $df_output[0];
             $primitive_root = $df_output[1];
 

Original file line number	Diff line number	Diff line change
`@@ -884,7 +884,7 @@ function update($event_name, $data) {`
`884`	`884`	`}`
`885`	`885`
`886`	`886`	`// get the primitive folder for document_root and the filesystem, will need it later.`
`887`		`- $df_output=explode(" ", exec("df -T " . $data['new']['document_root'] . "\|awk 'END{print \$2,\$NF}'"));`
	`887`	`+ $df_output=explode(" ", exec("df -T " . escapeshellarg($data['new']['document_root']) . "\|awk 'END{print \$2,\$NF}'"));`
`888`	`888`	`$file_system = $df_output[0];`
`889`	`889`	`$primitive_root = $df_output[1];`
`890`	`890`
Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,7 @@ function update($event_name, $data) {`
`136`	`136`	`}`
`137`	`137`
`138`	`138`	`// get the primitive folder for document_root and the filesystem, will need it later.`
`139`		`- $df_output=explode(" ", exec("df -T " . $parent_domain["document_root"] . "\|awk 'END{print \$2,\$NF}'"));`
	`139`	`+ $df_output=explode(" ", exec("df -T " . escapeshellarg($parent_domain["document_root"]) . "\|awk 'END{print \$2,\$NF}'"));`
`140`	`140`	`$file_system = $df_output[0];`
`141`	`141`	`$primitive_root = $df_output[1];`
`142`	`142`