From e41ab9aa320b4e64a8b99271bb7d3d094da59d56 Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 17 Jun 2014 09:40:06 -0300
Subject: Escape parameters passed to shell_exec()
---
 usr/local/www/diag_smart.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr/local/www')
diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php
index d2309e6..73f3405 100644
--- a/usr/local/www/diag_smart.php
+++ b/usr/local/www/diag_smart.php
@@ -85,7 +85,7 @@ function update_email($email)
 if(!empty($email))
 {
 // Put it in the smartd.conf file
- shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . $email . "/' /usr/local/etc/smartd.conf");
+ shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . escapeshellarg($email) . "/' /usr/local/etc/smartd.conf");
 }
 // Nope
 else
--
cgit v1.1
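Review bot: `escapeshellarg($email)` is concatenated inside the sed script that is already wrapped in single quotes, so the quotes it adds close the surrounding quoted string and the address ends up in an unquoted part of the command line, where the shell still interprets metacharacters in it. Quote the whole sed script as one argument instead, e.g. `$script = 's/^DEVICESCAN.*/DEVICESCAN -H -m ' . $email . '/';` followed by `shell_exec('/usr/bin/sed -i old ' . escapeshellarg($script) . ' /usr/local/etc/smartd.conf');`. That still leaves sed's own specials (`/`, `&`, `\`, newline) in `$email` able to alter the substitution or the line written to smartd.conf, so the value should be validated before this call (for example `filter_var($email, FILTER_VALIDATE_EMAIL)` plus rejecting those characters). The caller and the rest of update_email() are outside the hunk, so where `$email` originates is not visible here.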