mirror of https://github.com/MISP/MISP
Security fix
- filenames are now enclosed in single quotes instead of double quotes when the zip command is executed via exec
pull/433/head
parent
f4d5d55d48
commit
6763159e87
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":54}
|
||||
{"major":2, "minor":3, "hotfix":55}
|
||||
|
|
|
@ -925,7 +925,7 @@ class Attribute extends AppModel {
|
|||
// TODO check if CakePHP has no easy/safe wrapper to execute commands
|
||||
$execRetval = '';
|
||||
$execOutput = array();
|
||||
exec("zip -j -P infected " . $zipfile->path . ' "' . addslashes($fileInZip->path) . '"', $execOutput, $execRetval);
|
||||
exec("zip -j -P infected " . $zipfile->path . ' \'' . addslashes($fileInZip->path) . '\'', $execOutput, $execRetval);
|
||||
if ($execRetval != 0) { // not EXIT_SUCCESS
|
||||
// do some?
|
||||
};
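Review bot: `addslashes()` is not a shell-escaping function, so the rewritten `exec()` line still does not safely handle a filename containing a single quote: inside POSIX single quotes a backslash is literal, and the quote ends the argument. `$zipfile->path` is also concatenated with no quoting at all. Both arguments should go through `escapeshellarg()`, which supplies its own quoting: `exec('zip -j -P infected ' . escapeshellarg($zipfile->path) . ' ' . escapeshellarg($fileInZip->path), $execOutput, $execRetval);`. The same line in the `ShadowAttribute` hunk needs the identical change. Both enclosing methods begin and end outside the hunks, so where the two paths come from is not visible here and should be confirmed.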
|
||||
|
|
|
@ -510,7 +510,7 @@ class ShadowAttribute extends AppModel {
|
|||
// TODO check if CakePHP has no easy/safe wrapper to execute commands
|
||||
$execRetval = '';
|
||||
$execOutput = array();
|
||||
exec("zip -j -P infected " . $zipfile->path . ' "' . addslashes($fileInZip->path) . '"', $execOutput, $execRetval);
|
||||
exec("zip -j -P infected " . $zipfile->path . ' \'' . addslashes($fileInZip->path) . '\'', $execOutput, $execRetval);
|
||||
if ($execRetval != 0) { // not EXIT_SUCCESS
|
||||
// do some?
|
||||
};
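Review bot: The `if ($execRetval != 0)` branch is empty (`// do some?`), here and in the `Attribute` hunk, so a failed `zip` call is silently ignored and the code carries on as if the password-protected archive had been written. At minimum the failure should be logged and the method aborted, for example `throw new Exception('zip failed with exit status ' . $execRetval);`, or whatever error path the surrounding model code already uses, which is not visible in this hunk. Initialising `$execRetval` to `0` or `null` instead of `''` and comparing with `!==` would also avoid relying on loose comparison.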
|
||||
|
|