From d21a6d4fe525f61f42c5529a74fdf5561cd52738 Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Fri, 19 Dec 2014 00:39:59 +0200
Subject: [PATCH] Improved backup var validation
---
 web/list/backup/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/list/backup/index.php b/web/list/backup/index.php
index 4c13cb7e..59723c22 100644
--- a/web/list/backup/index.php
+++ b/web/list/backup/index.php
@@ -19,7 +19,7 @@ if (empty($_GET['backup'])){
 unset($output);
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup.html');
 } else {
- exec (VESTA_CMD."v-list-user-backup $user '".$_GET['backup']."' json", $output, $return_var);
+ exec (VESTA_CMD."v-list-user-backup $user '".escapeshellarg($_GET['backup'])."' json", $output, $return_var);
 $data = json_decode(implode('', $output), true);
 $data = array_reverse($data,true);
 unset($output);
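Review bot: The added `exec` line still wraps the result of `escapeshellarg()` in the literal single quotes left over from the old code, which cancels the escaping. Because `escapeshellarg()` returns a string that is already single-quoted, the shell sees `''value''`: two empty quoted strings with the request value unquoted between them, so shell metacharacters in `$_GET['backup']` are still interpreted. Drop the literal quotes and let the function supply them: `exec (VESTA_CMD."v-list-user-backup $user ".escapeshellarg($_GET['backup'])." json", $output, $return_var);`. `$user` is also interpolated unquoted and is assigned outside this hunk, so it is worth confirming that it is escaped or validated where it is set. The enclosing `if`/`else` block starts and ends outside the hunk.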