Commit | Line | Data |
---|---|---|
59dbe8d4 MT |
1 | ------------------------------------------------------------------------ |
2 | r7442 | rony | 2014-03-30 18:41:56 -0500 (Sun, 30 Mar 2014) | 2 lines | |
3 | ||
4 | bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability | |
5 | ||
6 | ------------------------------------------------------------------------ | |
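--- a/branches/0.8.8/lib/graph_export.php
+++ b/branches/0.8.8/lib/graph_export.php
@@ -339,7 +339,7 @@
 chdir($stExportDir);
 
 /* set the initial command structure */
- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
 
 /* if the user requested passive mode, use it */
 if ($aFtpExport['passive']) {
@@ -347,7 +347,7 @@
 }
 
 /* setup the port, server, remote directory and all files */
- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
 
 /* run the command */
 $iExecuteReturns = 0;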
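Review bot: Quoting with `cacti_escapeshellarg()` stops shell metacharacters, but in the second hunk a `port`, `server` or `remotedir` value that begins with `-` would still be read by ncftpput as an option, so the settings should also be validated before the command string is built; for example, reject any `port` for which `ctype_digit((string) $aFtpExport['port'])` is false, and check `server` against a hostname/IP pattern. In the first hunk the password is still passed with `-p`, so it stays visible in the process list to other local users while the transfer runs; ncftpput's `-f` login file, created with owner-only permissions, would avoid that. `cacti_escapeshellarg()` is defined outside this patch, so its quoting behaviour (notably on Windows) could not be checked here. The enclosing function starts and ends outside both hunks.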