From 749d4734a4eb3db7a98f1f2493752c7599e8776e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Tue, 24 Mar 2009 07:17:56 +0000
Subject: [PATCH] Now all command-line arguments are being passed through
 escapeshellcmd()

---
 inc/classes/main/request/console/class_ConsoleRequest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/classes/main/request/console/class_ConsoleRequest.php b/inc/classes/main/request/console/class_ConsoleRequest.php
index 6ef86f5e..aaa1540e 100644
--- a/inc/classes/main/request/console/class_ConsoleRequest.php
+++ b/inc/classes/main/request/console/class_ConsoleRequest.php
@@ -80,8 +80,8 @@ class ConsoleRequest extends BaseRequest implements Requestable {
 				// Add it likewise, but empty value
 				$this->setRequestElement($argArray[0], "");
 			} else {
-				// Set a name=value pair
-				$this->setRequestElement($argArray[0], $argArray[1]);
+				// Set a name=value pair escaped and secured
+				$this->setRequestElement($argArray[0], escapeshellcmd($argArray[1]));
 			}
 		} // END - foreach
 	}
-- 
2.39.5