Snoopy: use escapeshellarg instead of escapeshellcmd
We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar. git-svn-id: https://develop.svn.wordpress.org/trunk@37094 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Nikolay Bachiyski
parent
f531959fa2
commit
8d55453ef4
|
|
@ -999,20 +999,23 @@ class Snoopy
|
|||
if(!empty($this->user) || !empty($this->pass))
|
||||
$headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
|
||||
|
||||
for($curr_header = 0; $curr_header < count($headers); $curr_header++) {
|
||||
$safer_header = strtr( $headers[$curr_header], "\"", " " );
|
||||
$cmdline_params .= " -H \"".$safer_header."\"";
|
||||
$headerfile = tempnam( $this->temp_dir, "sno" );
|
||||
$cmdline_params = '-k -D ' . escapeshellarg( $headerfile );
|
||||
|
||||
foreach ( $headers as $header ) {
|
||||
$cmdline_params .= ' -H ' . escapeshellarg( $header );
|
||||
}
|
||||
|
||||
if(!empty($body))
|
||||
$cmdline_params .= " -d \"$body\"";
|
||||
if ( ! empty( $body ) ) {
|
||||
$cmdline_params .= ' -d ' . escapeshellarg( $body );
|
||||
}
|
||||
|
||||
if($this->read_timeout > 0)
|
||||
$cmdline_params .= " -m ".$this->read_timeout;
|
||||
if ( $this->read_timeout > 0 ) {
|
||||
$cmdline_params .= ' -m ' . escapeshellarg( $this->read_timeout );
|
||||
}
|
||||
|
||||
$headerfile = tempnam($this->temp_dir, "sno");
|
||||
|
||||
exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);
|
||||
exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return );
|
||||
|
||||
if($return)
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue