github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-20 21:34:11 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

🔒 Fix OS command injection vulnerability.

Browse source
This commit is contained in:
Flat 2015-11-29 17:19:10 +09:00
commit 6e13036780
6 changed files with 9 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/search/index.php
View file

@ -28,8 +28,8 @@ $lang = 'ru_RU.utf8';
//setlocale(LC_ALL, $lang);
// Data
$q = escapeshellarg($q);
if ($_SESSION['user'] == 'admin') {
$q = escapeshellarg($q);
exec (VESTA_CMD."v-search-object ".$q." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html');