bug 1272: Properly escape the filename passed to OpenSSL

author: Benny Baumann <BenBE@geshi.org> 2014-04-19 00:45:25 +0200
committer: Benny Baumann <BenBE@geshi.org> 2014-04-19 00:45:25 +0200
commit: 066a02232fca9338c990a00bb696a6a51f2fd542 (patch)
tree: 51779f8adbabb9a41171aa7ff6c1147ad2da9245 /scripts/cron/warning.php
parent: 0ea069195e48daced9e92cc919be59a483566c78 (diff)
download: cacert-devel-066a02232fca9338c990a00bb696a6a51f2fd542.tar.gz
cacert-devel-066a02232fca9338c990a00bb696a6a51f2fd542.tar.xz
cacert-devel-066a02232fca9338c990a00bb696a6a51f2fd542.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php
index 0c97ba2..8f607cd 100755
--- a/scripts/cron/warning.php
+++ b/scripts/cron/warning.php
@@ -38,7 +38,8 @@
 			{
 				$row['crt_name'] = str_replace("../", "www/", $row['crt_name']);
 				$row['crt_name'] = "/home/cacert/".$row['crt_name'];
-				$subject = `openssl x509 -in '$row[crt_name]' -text -noout|grep Subject:`;
+				$crt_name = escapeshellarg($row['crt_name']);
+				$subject = `openssl x509 -in $crt_name -text -noout|grep Subject:`;
 				$bits = explode("/", $subject);
 				foreach($bits as $val)
 				{
author	Benny Baumann <BenBE@geshi.org>	2014-04-19 00:45:25 +0200
committer	Benny Baumann <BenBE@geshi.org>	2014-04-19 00:45:25 +0200
commit	066a02232fca9338c990a00bb696a6a51f2fd542 (patch)
tree	51779f8adbabb9a41171aa7ff6c1147ad2da9245 /scripts/cron/warning.php
parent	0ea069195e48daced9e92cc919be59a483566c78 (diff)
download	cacert-devel-066a02232fca9338c990a00bb696a6a51f2fd542.tar.gz cacert-devel-066a02232fca9338c990a00bb696a6a51f2fd542.tar.xz cacert-devel-066a02232fca9338c990a00bb696a6a51f2fd542.zip