
Commit 87465f7

Merge pull request #2111 from nextcloud/fix/ncp-web/unescaped-bash-args
ncp-launcher.php: Escape all bash arguments in ncp-web
2 parents 7f91ea0 + b0d782a commit 87465f7

1 file changed

Lines changed: 7 additions & 2 deletions


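--- a/ncp-web/ncp-launcher.php
+++ b/ncp-web/ncp-launcher.php
@@ -16,6 +16,11 @@
 $l10nDir = "l10n";
 ignore_user_abort(true);
 
+function bash_escape_arg($arg): string
+{
+return "'" . str_replace("'", "\\'", $arg) . "'";
+}
+
 //
 // language
 //
@@ -105,7 +110,7 @@
 echo ' "output": "" , ';
 echo ' "ret": ';
 
-exec( 'bash -c "sudo /home/www/ncp-launcher.sh ' . $ncp_app . '"' , $output , $ret );
+exec( 'bash -c "sudo /home/www/ncp-launcher.sh ' . bash_escape_arg($ncp_app) . '"' , $output , $ret );
 echo '"' . $ret . '" }';
 }
 
@@ -159,7 +164,7 @@
 exit('{ "output": "domain can\'t be empty", "ret": 1 }');
 }
 echo '{ "token": "' . getCSRFToken() . '",'; // Get new token
-exec("/usr/bin/php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value '" . $_POST['url'] . "'",
+exec("/usr/bin/php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value " . bash_escape_arg($_POST['url']),
 $out, $ret);
 echo ' "out": "' . htmlspecialchars(join("\n", $out), ENT_QUOTES, "UTF-8") . '", ';
 echo ' "ret": "' . $ret . '"}';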
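Review bot: `bash_escape_arg()` (new lines 19-22) does not produce a safely quoted shell word, because a backslash is literal inside single quotes, so the emitted `\'` still closes the quote and any value containing `'` ends the quoting early. Replace the body with PHP's built-in, `return escapeshellarg((string) $arg);`, which uses the correct `'\''` form; this also fixes the `$_POST['url']` call at new line 167. At new line 113 the quoted value is additionally nested inside `bash -c "…"`, so the outer double-quoted string is parsed first and the inner single quotes are inert there. Since `exec()` already runs its command through a shell, dropping the wrapper removes that second parsing layer: `exec('sudo /home/www/ncp-launcher.sh ' . escapeshellarg($ncp_app), $output, $ret);`. The origin of `$ncp_app` is outside these hunks, so validating it against the set of known app names before the call would be a worthwhile extra check if it is request-derived.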
