29 lines
1.3 KiB
Diff
29 lines
1.3 KiB
Diff
|
------------------------------------------------------------------------
|
||
|
r7442 | rony | 2014-03-30 18:41:56 -0500 (Sun, 30 Mar 2014) | 2 lines
|
||
|
|
||
|
bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
|
||
|
|
||
|
------------------------------------------------------------------------
|
||
|
Index: branches/0.8.8/lib/graph_export.php
|
||
|
===================================================================
|
||
|
--- branches/0.8.8/lib/graph_export.php (revision 7441)
|
||
|
+++ branches/0.8.8/lib/graph_export.php (revision 7442)
|
||
|
@@ -339,7 +339,7 @@
|
||
|
chdir($stExportDir);
|
||
|
|
||
|
/* set the initial command structure */
|
||
|
- $stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
|
||
|
+ $stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);
|
||
|
|
||
|
/* if the user requested passive mode, use it */
|
||
|
if ($aFtpExport['passive']) {
|
||
|
@@ -347,7 +347,7 @@
|
||
|
}
|
||
|
|
||
|
/* setup the port, server, remote directory and all files */
|
||
|
- $stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
|
||
|
+ $stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";
|
||
|
|
||
|
/* run the command */
|
||
|
$iExecuteReturns = 0;
|