Timestamp:
03/30/2016 01:57:40 PM (5 years ago)
Author:
nbachiyski
Message:

Snoopy: use escapeshellarg instead of escapeshellcmd

We are escaping arguments, not commands, so we'd better use the semantically correct function, even though they are similar.

File:
1 edited

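--- a/trunk/src/wp-includes/class-snoopy.php
+++ b/trunk/src/wp-includes/class-snoopy.php
@@ -1000,18 +1000,21 @@
             $headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
 
-        for($curr_header = 0; $curr_header < count($headers); $curr_header++) {
-            $safer_header = strtr( $headers[$curr_header], "\"", " " );
-            $cmdline_params .= " -H \"".$safer_header."\"";
-        }
-
-        if(!empty($body))
-            $cmdline_params .= " -d \"$body\"";
-
-        if($this->read_timeout > 0)
-            $cmdline_params .= " -m ".$this->read_timeout;
-
-        $headerfile = tempnam($this->temp_dir, "sno");
-
-        exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);
+        $headerfile = tempnam( $this->temp_dir, "sno" );
+        $cmdline_params = '-k -D ' . escapeshellarg( $headerfile );
+
+        foreach ( $headers as $header ) {
+            $cmdline_params .= ' -H ' . escapeshellarg( $header );
+        }
+
+        if ( ! empty( $body ) ) {
+            $cmdline_params .= ' -d ' . escapeshellarg( $body );
+        }
+
+        if ( $this->read_timeout > 0 ) {
+            $cmdline_params .= ' -m ' . escapeshellarg( $this->read_timeout );
+        }
+
+
+        exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return );
 
         if($return)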
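Review bot: On the `-d` line, `escapeshellarg( $body )` stops the shell from interpreting the body but not curl, which reads a `-d` value starting with `@` as the name of a local file to send. If `$body` can carry caller-supplied data, use `' --data-raw ' . escapeshellarg( $body )` where the installed curl supports that option, or reject a leading `@` before building the command. The `-k` carried over into `$cmdline_params` also means the server certificate is never verified, and `$this->curl_path` is still concatenated unquoted into `exec()`. The enclosing method begins and ends outside this hunk, so any validation of `$body` or `$URI` done earlier is not visible here.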