blackicedbear/FHC-Core
1
0
Fork 0
mirror of https://github.com/FH-Complete/FHC-Core.git synced 2026-06-29 09:59:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Escaped Shell Arguments

Browse Source
This commit is contained in:
oesi
2015-05-04 16:37:08 +02:00
parent 79e4ea661d
commit 9539a06fa7
1 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cis/private/lehre/upload.php
+17 -17
View File
@@ -627,14 +627,14 @@
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
exec('chmod 664 "'.$uploadfile.'"');
exec('chmod 664 '.escapeshellarg($uploadfile));
if($islector)
{
exec('sudo chown :teacher "'.$uploadfile.'"');
exec('sudo chown :teacher '.escapeshellarg($uploadfile));
}
else
{
exec('sudo chown :student "'.$uploadfile.'"');
exec('sudo chown :student '.escapeshellarg($uploadfile));
}
}
}
@@ -650,14 +650,14 @@
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
exec('chmod 664 "'.$uploadfile.'"');
exec('chmod 664 '.escapeshellarg($uploadfile));
if($islector)
{
exec('sudo chown :teacher "'.$uploadfile.'"');
exec('sudo chown :teacher '.escapeshellarg($uploadfile));
}
else
{
exec('sudo chown :student "'.$uploadfile.'"');
exec('sudo chown :student '.escapeshellarg($uploadfile));
}
}
}
@@ -683,14 +683,14 @@
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
exec('chmod 664 "'.$uploadfile.'"');
exec('chmod 664 '.escapeshellarg($uploadfile));
if($islector)
{
exec('sudo chown :teacher "'.$uploadfile.'"');
exec('sudo chown :teacher '.escapeshellarg($uploadfile));
}
else
{
exec('sudo chown :student "'.$uploadfile.'"');
exec('sudo chown :student '.escapeshellarg($uploadfile));
}
}
}
@@ -706,14 +706,14 @@
{
if(copy($_FILES[$file]['tmp_name'], $uploadfile))
{
exec('chmod 664 "'.$uploadfile.'"');
exec('chmod 664 '.escapeshellarg($uploadfile));
if($islector)
{
exec('sudo chown :teacher "'.$uploadfile.'"');
exec('sudo chown :teacher '.escapeshellarg($uploadfile));
}
else
{
exec('sudo chown :student "'.$uploadfile.'"');
exec('sudo chown :student '.escapeshellarg($uploadfile));
}
}
}
@@ -848,15 +848,15 @@
if(!@is_dir($dest_create_dir->path.'/'.$new_dir_name_text) && !@file_exists($dest_create_dir->path.'/'.$new_dir_name_text) && $new_dir_name_text != "")
{
@mkdir($dest_create_dir->path.'/'.$new_dir_name_text);
exec('chmod 775 "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
exec('chmod 775 '.escapeshellarg($dest_create_dir->path.'/'.$new_dir_name_text));
if($islector)
{
exec('sudo chown :teacher "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
exec('sudo chown :teacher '.escapeshellarg($dest_create_dir->path.'/'.$new_dir_name_text));
}
else
{
exec('sudo chown :student "'.$dest_create_dir->path.'/'.$new_dir_name_text.'"');
exec('sudo chown :student '.escapeshellarg($dest_create_dir->path.'/'.$new_dir_name_text));
}
}
}
@@ -1112,7 +1112,7 @@
if(@is_dir($dest_dir->path.'/'.$entry))
{
writeCISlog('DELETE', 'rm -r "'.$dest_dir->path.'/'.$entry.'"');
exec('rm -r "'.$dest_dir->path.'/'.$entry.'"');
exec('rm -r '.escapeshellarg($dest_dir->path.'/'.$entry));
}
unset($check_state);
@@ -1359,7 +1359,7 @@
if(!@is_dir($dest_dir->path.'/'.$entry))
{
writeCISlog('DELETE', 'rm -r "'.$dest_dir->path.'/'.$entry.'"');
exec('rm -r "'.$dest_dir->path.'/'.$entry.'"');
exec('rm -r '.escapeshellarg($dest_dir->path.'/'.$entry));
}
unset($check_state);