Backup pkg - use escapeshellarg rather than htmlspecialchars. Adapted from PR 1257 in old packages repo.

2 files changed, 2 insertions, 2 deletions

diff --git a/sysutils/pfSense-pkg-Backup/Makefile b/sysutils/pfSense-pkg-Backup/Makefile
index 0439285..f1dd063 100644
--- a/sysutils/pfSense-pkg-Backup/Makefile
+++ b/sysutils/pfSense-pkg-Backup/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	pfSense-pkg-Backup
 PORTVERSION=	0.4
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	sysutils
 MASTER_SITES=	# empty
 DISTFILES=	# empty
diff --git a/sysutils/pfSense-pkg-Backup/files/usr/local/www/packages/backup/backup.php b/sysutils/pfSense-pkg-Backup/files/usr/local/www/packages/backup/backup.php
index fe4e19a..545ab66 100644
--- a/sysutils/pfSense-pkg-Backup/files/usr/local/www/packages/backup/backup.php
+++ b/sysutils/pfSense-pkg-Backup/files/usr/local/www/packages/backup/backup.php
@@ -59,7 +59,7 @@ if ($_GET['a'] == "download") {
 			$backup_cmd = "/usr/bin/tar --create --verbose --gzip --file {$backup_path} --directory / ";
 			foreach ($a_backup as $ent) {
 				if ($ent['enabled'] == "true") {
-					$backup_cmd .= htmlspecialchars($ent['path']) . ' ';
+					$backup_cmd .= escapeshellarg($ent['path']) . ' ';
 				}
 				$i++;
 			}