summaryrefslogtreecommitdiff
path: root/includes/general.php
diff options
context:
space:
mode:
authorFelix Dörre <felix@dogcraft.de>2014-06-15 10:39:04 +0200
committerFelix Dörre <felix@dogcraft.de>2014-06-15 10:59:31 +0200
commitb6ee5404b9dcc3df6ace5f640f522118d18b818d (patch)
treeeae5a40733cde853c993588bee9a1420bbbc9b3d /includes/general.php
parent6d0f414854b2c1aa1da9ec49889ac9bb3b69b966 (diff)
downloadcacert-devel-b6ee5404b9dcc3df6ace5f640f522118d18b818d.tar.gz
cacert-devel-b6ee5404b9dcc3df6ace5f640f522118d18b818d.tar.xz
cacert-devel-b6ee5404b9dcc3df6ace5f640f522118d18b818d.zip
bug 1273: replace backtick operators with shell_exec
+ fix 1 missing escapeshellarg Commands used to locate: 1. find includes -type f -name '*.php' -exec cat {} \; \ | tr '\n' '?' | sed 's/\(\$query .\?= \|\ mysql_query(\|query_init (\)"\([^"]\|".\(\(intval\|mysql_real_escape_string\)\ (\$[^\$)]\+)\|\$_SESSION\(\['_config'\]\['user'\]\['Q[1-5]'\]\ \|['_config']['disablelogin']\)\)[ ?]*."\)*"/mysql-substitute/g'\ | tr '?' '\n' | grep --color=always "\`"|less -r and reviewing the queries by hand. This command replaces out strings obviously looking like sql_queries and then outputting al remaining backticks: starting with "$query = ,mysql_query, ..." and are only interrupted by "safe" calls: - mysql_real_escape_string - intval - pre_escaped session variables (This command may also be used for locating bad escaped sql_queries) 2. grep -r "\`\(grep\|/\|echo\|dig\|openssl\|gpg\|rm\|../\)" www includes pages \ | grep -v '\(from\|update\|into\) `gpg'
Diffstat (limited to 'includes/general.php')
-rw-r--r--includes/general.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/general.php b/includes/general.php
index 854aab4..02b559b 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -219,7 +219,7 @@
//echo "Points due to name matches: $points<br/>";
$shellpwd = escapeshellarg($pwd);
- $do = `grep -F -- $shellpwd /usr/share/dict/american-english`;
+ $do = shell_exec("grep -F -- $shellpwd /usr/share/dict/american-english");
if($do)
$points--;
@@ -527,7 +527,7 @@
$fp = fopen($tmpfname, "w");
fputs($fp, $message);
fclose($fp);
- $do = `/usr/bin/gpg --homedir /home/gpg --clearsign "$tmpfname"|/usr/sbin/sendmail "$to"`;
+ $do = shell_exec("/usr/bin/gpg --homedir /home/gpg --clearsign \"$tmpfname\"|/usr/sbin/sendmail ".escapeshellarg($to));
@unlink($tmpfname);
}
@@ -538,9 +538,9 @@
{
list($username,$domain)=explode('@',$email,2);
$dom = escapeshellarg($domain);
- $line = trim(`dig +short MX $dom 2>&1`);
+ $line = trim(shell_exec("dig +short MX $dom 2>&1"));
#echo $email."-$dom-$line-\n";
-#echo `dig +short mx heise.de 2>&1`."-<br>\n";
+#echo shell_exec("dig +short mx heise.de 2>&1")."-<br>\n";
$list = explode("\n", $line);
foreach($list as $row) {