Check-in [ec1cc1e2e0]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Ensure username is properly sanitized
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: ec1cc1e2e0e633be8e6d153ea2757e3a648ce517
User & Date: rkeene 2016-10-03 16:56:55.191
Context
2016-11-22
18:22
Updated to ensure that no non-default SSH command is used for a pull check-in: f79eaca9ca user: rkeene tags: trunk
2016-10-03
16:56
Ensure username is properly sanitized check-in: ec1cc1e2e0 user: rkeene tags: trunk
16:51
Setting/unsetting environment variables in the constructor causes issues when objects are created and destroyed, leaving environment variables unset -- instead paramaterize the call to Fossil, this is better anyway check-in: 1af745f0f9 user: rkeene tags: trunk
Changes
Unified Diff Ignore Whitespace Patch
Changes to nano/fossil.php.
22
23
24
25
26
27
28


29
30
31
32
33
34
35
36
    private function getFossilCommand($timeout = 0, $cgi = false) {
        $fossil = "/usr/local/bin/fossil";

        if ($timeout) {
            $fossil = "timeout {$timeout} {$fossil}";
        }



        $cmd = "HOME={$this->workdir} USER={$this->user['username']} {$fossil}";

        if ($cgi) {
            $cmd = "GATEWAY_INTERFACE=1 {$cmd}";
        } else {
            $cmd = "unset GATEWAY_INTERFACE; {$cmd}";
        }








>
>
|







22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
    private function getFossilCommand($timeout = 0, $cgi = false) {
        $fossil = "/usr/local/bin/fossil";

        if ($timeout) {
            $fossil = "timeout {$timeout} {$fossil}";
        }

        $username = escapeshellarg($this->user['username']);

        $cmd = "HOME={$this->workdir} USER={$username} {$fossil}";

        if ($cgi) {
            $cmd = "GATEWAY_INTERFACE=1 {$cmd}";
        } else {
            $cmd = "unset GATEWAY_INTERFACE; {$cmd}";
        }