From 066a02232fca9338c990a00bb696a6a51f2fd542 Mon Sep 17 00:00:00 2001
From: Benny Baumann
Date: Sat, 19 Apr 2014 00:45:25 +0200
Subject: bug 1272: Properly escape the filename passed to OpenSSL
---
 scripts/cron/warning.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'scripts/cron/warning.php')
diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php
index 0c97ba2..8f607cd 100755
--- a/scripts/cron/warning.php
+++ b/scripts/cron/warning.php
@@ -38,7 +38,8 @@
 {
 $row['crt_name'] = str_replace("../", "www/", $row['crt_name']);
 $row['crt_name'] = "/home/cacert/".$row['crt_name'];
- $subject = `openssl x509 -in '$row[crt_name]' -text -noout|grep Subject:`;
+ $crt_name = escapeshellarg($row['crt_name']);
+ $subject = `openssl x509 -in $crt_name -text -noout|grep Subject:`;
 $bits = explode("/", $subject);
 foreach($bits as $val)
 {
-- 
cgit v1.2.1
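Review bot: `escapeshellarg()` fixes the quoting on the `openssl x509 -in` line, but the path is still only rewritten by `str_replace("../", "www/", …)` and never checked to lie inside the certificate directory, so a malformed `crt_name` (presumably from a database row; the query is outside this hunk) reaches openssl unvalidated. Consider resolving it first with `$path = realpath($row['crt_name']);`, skipping the row when `$path === false || strpos($path, '/home/cacert/') !== 0`, and passing `escapeshellarg($path)`. The backtick result is also used unchecked: if openssl or grep prints nothing, `$subject` is empty and `explode("/", $subject)` still runs, so an empty-result guard before the `explode` would help. If the openssl extension is available to this cron script, `openssl_x509_parse()` would avoid the shell altogether, though the parsing after this hunk would have to change with it. The enclosing block starts and ends outside the hunk.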