Now all command-line arguments are being passed through escapeshellcmd()
authorRoland Häder <roland@mxchange.org>
Tue, 24 Mar 2009 07:17:56 +0000 (07:17 +0000)
committerRoland Häder <roland@mxchange.org>
Tue, 24 Mar 2009 07:17:56 +0000 (07:17 +0000)
inc/classes/main/request/console/class_ConsoleRequest.php

index 6ef86f5..aaa1540 100644 (file)
@@ -80,8 +80,8 @@ class ConsoleRequest extends BaseRequest implements Requestable {
                                // Add it likewise, but empty value
                                $this->setRequestElement($argArray[0], "");
                        } else {
-                               // Set a name=value pair
-                               $this->setRequestElement($argArray[0], $argArray[1]);
+                               // Set a name=value pair escaped and secured
+                               $this->setRequestElement($argArray[0], escapeshellcmd($argArray[1]));
                        }
                } // END - foreach
        }