From 9249074503d88b1dd2d6d606d2f71257a1ad6419 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Sun, 25 Sep 2011 23:04:43 -0400
Subject: Use escapeshellcmd
---
usr/local/www/system_firmware_restorefullbackup.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr/local/www/system_firmware_restorefullbackup.php b/usr/local/www/system_firmware_restorefullbackup.php
index bd98241..6d39829 100755
--- a/usr/local/www/system_firmware_restorefullbackup.php
+++ b/usr/local/www/system_firmware_restorefullbackup.php
@@ -66,9 +66,9 @@ if($_GET['downloadbackup']) {
 session_cache_limiter('public');
 $fd = fopen($filename, "rb");
 header("Content-Type: application/octet-stream");
- header("Content-Length: " . filesize("/root/" . $filename));
+ header("Content-Length: " . filesize("/root/" . escapeshellcmd($filename)));
 header("Content-Disposition: attachment; filename=\"" .
- trim(htmlentities(basename("/root/" .$filename))) . "\"");
+ trim(htmlentities(basename("/root/" . escapeshellcmd($filename)))) . "\"");
 if (isset($_SERVER['HTTPS'])) {
 header('Pragma: ');
 header('Cache-Control: ');
-- cgit v1.1
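Review bot: `escapeshellcmd()` does not fit the two calls it was added to, `filesize()` and `basename()`, because neither goes through a shell; it leaves `/` and `..` untouched, so it does not confine `$filename` to `/root/`, and the backslashes it inserts before shell metacharacters can make `filesize()` stat a different name than the file being sent. The context line `$fd = fopen($filename, "rb");` still opens the raw, unprefixed value, so the file that is actually read is not covered by this change at all. `$filename` is assigned outside this hunk; if it is derived from the request, as the `$_GET['downloadbackup']` guard in the hunk header suggests, reduce it to a bare name once and use one path everywhere: `$path = "/root/" . basename($filename);`, then `fopen($path, "rb")` and `filesize($path)`. It would also be worth checking the name against the backup files this page is meant to serve before opening it. The enclosing `if` block starts and continues outside the hunk.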