From fc0e7ba28b3dd06b17b7b2e95e193447bf549385 Mon Sep 17 00:00:00 2001
From: System Void <void@sysvoid.co>
Date: Fri, 11 Dec 2015 20:09:19 +0000
Subject: [PATCH] Forgot to escape that

Whoopsies
---
 web/api/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/api/index.php b/web/api/index.php
index 32886446d..c4a01341a 100644
--- a/web/api/index.php
+++ b/web/api/index.php
@@ -42,7 +42,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         $i++;
         if (!empty($_POST['arg' . $i]))
         {
-            $args[] = $_POST['arg' . $i];
+            $args[] = escapeshellarg($_POST['arg' . $i]);
             continue;
         }
         break;