diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 09:40:06 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 09:40:27 -0300 |
commit | 45438fd3fd14a76491f633bf9d34bc239cabb876 (patch) | |
tree | c202120211fdcd18a6c3d4df7a7035e2b63cd5dc /usr/local/www/diag_smart.php | |
parent | 76c4ff0ecf269272aad3a6f06942596d2f0ab9ff (diff) | |
download | pfsense-45438fd3fd14a76491f633bf9d34bc239cabb876.zip pfsense-45438fd3fd14a76491f633bf9d34bc239cabb876.tar.gz |
Escape parameters passed to shell_exec()
Diffstat (limited to 'usr/local/www/diag_smart.php')
-rw-r--r-- | usr/local/www/diag_smart.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php index f024589..2cbc60b 100644 --- a/usr/local/www/diag_smart.php +++ b/usr/local/www/diag_smart.php @@ -85,7 +85,7 @@ function update_email($email) if(!empty($email)) { // Put it in the smartd.conf file - shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . $email . "/' /usr/local/etc/smartd.conf"); + shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . escapeshellarg($email) . "/' /usr/local/etc/smartd.conf"); } // Nope else |