bug 1070: Escape password before giving it to the command line
authorMichael Tänzer <neo@nhng.de>
Wed, 6 Jun 2012 20:05:07 +0000 (22:05 +0200)
committerMichael Tänzer <neo@nhng.de>
Wed, 6 Jun 2012 20:05:07 +0000 (22:05 +0200)
Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/general.php

index 9e2b131..3478dd4 100644 (file)
 
                //echo "Points due to name matches: $points<br/>";
 
-               $do = `grep '$pwd' /usr/share/dict/american-english`;
+               $shellpwd = escapeshellarg($pwd);
+               $do = `grep $shellpwd /usr/share/dict/american-english`;
                if($do)
                        $points--;
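Review bot: On the added `grep $shellpwd` line the quoted password is still the first argument grep receives, so a password that begins with `-` is parsed as a grep option, and any other password is matched as a regular expression rather than as a literal string; escapeshellarg() only prevents the shell from interpreting it. Passing it as an explicit fixed-string pattern addresses both: ``$do = `grep -F -e $shellpwd /usr/share/dict/american-english`;``. The cleartext password also stays in the child process's argument list, which other local users can usually read while grep runs, so doing the dictionary lookup inside PHP (reading the word list and comparing lines) would avoid spawning a command with the password at all. The enclosing function begins and ends outside this hunk, so how `$pwd` is validated before this point cannot be judged from here.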