diff options
| author | Michael Tänzer <neo@nhng.de> | 2012-06-06 22:05:07 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2012-06-06 22:05:07 +0200 |
| commit | d5432de9373b851e78fe9a6cb1f34119e42a1984 (patch) | |
| tree | 4f0174aa18f80246c3a83ed87d51eb80bbaee4b0 | |
| parent | 83841a905be04357a065d929a59a9fa314f36415 (diff) | |
| download | cacert-devel-d5432de9373b851e78fe9a6cb1f34119e42a1984.tar.gz cacert-devel-d5432de9373b851e78fe9a6cb1f34119e42a1984.tar.xz cacert-devel-d5432de9373b851e78fe9a6cb1f34119e42a1984.zip | |
bug 1070: Escape password before giving it to the command line
Signed-off-by: Michael Tänzer <neo@nhng.de>
| -rw-r--r-- | includes/general.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/includes/general.php b/includes/general.php index 9e2b131..3478dd4 100644 --- a/includes/general.php +++ b/includes/general.php @@ -215,7 +215,8 @@ //echo "Points due to name matches: $points<br/>"; - $do = `grep '$pwd' /usr/share/dict/american-english`; + $shellpwd = escapeshellarg($pwd); + $do = `grep $shellpwd /usr/share/dict/american-english`; if($do) $points--; |