Improved backup var validation

serghey-rodin · serghey-rodin · commit d21a6d4fe525 · 2014-12-19T00:39:59.000+02:00
diff --git a/web/list/backup/index.php b/web/list/backup/index.php
@@ -19,7 +19,7 @@
     unset($output);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup.html');
 } else {
-    exec (VESTA_CMD."v-list-user-backup $user '".$_GET['backup']."' json", $output, $return_var);
+    exec (VESTA_CMD."v-list-user-backup $user '".escapeshellarg($_GET['backup'])."' json", $output, $return_var);
     $data = json_decode(implode('', $output), true);
     $data = array_reverse($data,true);
     unset($output);
