[DOC-WEB] [web-doc] master: escape git diff args
1 view
Skip to first unread message
Peter Cowburn
Jul 29, 2021, 7:58:07 AM7/29/21
to doc...@lists.php.net
Author: Peter Cowburn (salathe)
Date: 2021-07-29T12:56:36+01:00
Commit: https://github.com/php/web-doc/commit/c6564224e178b0227d3fe0d030f3a60d354ea727
Raw diff: https://github.com/php/web-doc/commit/c6564224e178b0227d3fe0d030f3a60d354ea727.diff
escape git diff args
Changed paths:
M include/lib_revcheck.inc.php
Diff:
diff --git a/include/lib_revcheck.inc.php b/include/lib_revcheck.inc.php
index bdfbde1..3e31c2c 100644
--- a/include/lib_revcheck.inc.php
+++ b/include/lib_revcheck.inc.php
@@ -248,7 +248,9 @@ function showdiff ()
$c = $_GET['c'];
$cwd = getcwd();
chdir( GIT_DIR . 'en' );
- $file = `git diff {$h} -- {$gitfile}`;
+ $arg_h = escapeshellarg($h);
+ $arg_f = escapeshellarg($gitfile);
+ $file = `git diff {$arg_h} -- {$arg_f}`;
chdir( $cwd );
$raw = htmlspecialchars( $file, ENT_XML1, 'UTF-8' );
if ( $c == 'on' ) {
--
Documentation Website Mailing List (http://doc.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Date: 2021-07-29T12:56:36+01:00
Commit: https://github.com/php/web-doc/commit/c6564224e178b0227d3fe0d030f3a60d354ea727
Raw diff: https://github.com/php/web-doc/commit/c6564224e178b0227d3fe0d030f3a60d354ea727.diff
escape git diff args
Changed paths:
M include/lib_revcheck.inc.php
Diff:
diff --git a/include/lib_revcheck.inc.php b/include/lib_revcheck.inc.php
index bdfbde1..3e31c2c 100644
--- a/include/lib_revcheck.inc.php
+++ b/include/lib_revcheck.inc.php
@@ -248,7 +248,9 @@ function showdiff ()
$c = $_GET['c'];
$cwd = getcwd();
chdir( GIT_DIR . 'en' );
- $file = `git diff {$h} -- {$gitfile}`;
+ $arg_h = escapeshellarg($h);
+ $arg_f = escapeshellarg($gitfile);
+ $file = `git diff {$arg_h} -- {$arg_f}`;
chdir( $cwd );
$raw = htmlspecialchars( $file, ENT_XML1, 'UTF-8' );
if ( $c == 'on' ) {
--
Documentation Website Mailing List (http://doc.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Reply all
Reply to author
Forward
0 new messages