summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2012-06-06 22:05:07 +0200
committerMichael Tänzer <neo@nhng.de>2012-06-06 22:05:07 +0200
commitd5432de9373b851e78fe9a6cb1f34119e42a1984 (patch)
tree4f0174aa18f80246c3a83ed87d51eb80bbaee4b0
parent83841a905be04357a065d929a59a9fa314f36415 (diff)
downloadcacert-devel-d5432de9373b851e78fe9a6cb1f34119e42a1984.tar.gz
cacert-devel-d5432de9373b851e78fe9a6cb1f34119e42a1984.tar.xz
cacert-devel-d5432de9373b851e78fe9a6cb1f34119e42a1984.zip
bug 1070: Escape password before giving it to the command line
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/general.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/includes/general.php b/includes/general.php
index 9e2b131..3478dd4 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -215,7 +215,8 @@
//echo "Points due to name matches: $points<br/>";
- $do = `grep '$pwd' /usr/share/dict/american-english`;
+ $shellpwd = escapeshellarg($pwd);
+ $do = `grep $shellpwd /usr/share/dict/american-english`;
if($do)
$points--;