From e8dda462f3b02628b4d878ed2c133f1f04d26a50 Mon Sep 17 00:00:00 2001
From: Pascal Dreissen <pascal@dreissen.nl>
Date: Fri, 08 Jul 2016 05:25:42 -0400
Subject: [PATCH] escapeshellarg document root for security reasons (fixes #3984)
---
 server/plugins-available/apache2_plugin.inc.php | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 7aaac00..f4b6ab7 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -884,7 +884,7 @@
  }
 
  // get the primitive folder for document_root and the filesystem, will need it later.
- $df_output=explode(" ", exec("df -T $document_root|awk 'END{print \$2,\$NF}'"));
+ $df_output=explode(" ", exec("df -T " . escapeshellarg($data['new']['document_root']) . "|awk 'END{print \$2,\$NF}'"));
  $file_system = $df_output[0];
  $primitive_root = $df_output[1];
 
@@ -1207,8 +1207,8 @@
  if(is_array($aliasdomains)) {
  foreach($aliasdomains as $aliasdomain) {
  $temp_domains[] = $aliasdomain['domain'];
- if(isset($aliasdomain['subdomain']) && (! empty($aliasdomain['subdomain']) && $aliasdomain['subdomain']) != "none" ) {
- $temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain'];
+ if(isset($aliasdomain['subdomain']) && ($aliasdomain['subdomain'] != "none")) {
+ $temp_domains[] = "www." . $aliasdomain['domain'];
  }
  }
  }
-- Gitblit v1.9.1
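Review bot: On the `df -T` line the quoted argument is now `$data['new']['document_root']`, whereas the old line passed the local `$document_root`; the hunk does not show whether the two always hold the same path, so `df` may now be inspecting a different directory than the rest of the function uses. If they can differ, quote the local instead and end option parsing so a path starting with `-` is not read as a flag: `exec("df -T -- " . escapeshellarg($document_root) . "|awk 'END{print \$2,\$NF}'")`. Separately, `$df_output[1]` is read without checking that the command produced two fields; when `df` fails, `exec()` returns an empty string and `$primitive_root` is undefined, so a guard such as `if(count($df_output) < 2) { /* log and bail out */ }` would help. The enclosing function starts and ends outside the hunk.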
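Review bot: In the alias-domain loop the new body appends a hard-coded `"www."` for every `subdomain` value other than "none", so an empty string or any other stored setting (a wildcard, if the field allows one) now ends up as `www.<domain>` in `$temp_domains`, where the old line used the stored value. If only the "www" setting is meant to qualify, test for it explicitly with a strict comparison: `if(isset($aliasdomain['subdomain']) && $aliasdomain['subdomain'] === "www") {`. This behavioural change is not mentioned in the commit subject, which only covers the escapeshellarg fix, so it deserves its own line in the description. What consumes `$temp_domains` lies outside the hunk, so the effect of an extra or missing host name there cannot be judged from here.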