76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
rc = _wsystem(zUnicode);
fossil_unicode_free(zUnicode);
free(zNewCmd);
#else
/* On unix, evaluate the command directly.
*/
if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd);
rc = system(zOrigCmd);
#endif
return rc;
}
/*
** Like strcmp() except that it accepts NULL pointers. NULL sorts before
|
>
>
>
>
>
>
>
>
>
|
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
rc = _wsystem(zUnicode);
fossil_unicode_free(zUnicode);
free(zNewCmd);
#else
/* On unix, evaluate the command directly.
*/
if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd);
/* Unix systems should never shell-out while processing an HTTP request,
** either via CGI, SCGI, or direct HTTP. The following assert verifies
** this. And the following assert proves that Fossil is not vulnerable
** to the ShellShock or BashDoor bug.
*/
assert( g.cgiOutput==0 );
/* The regular system() call works to get a shell on unix */
rc = system(zOrigCmd);
#endif
return rc;
}
/*
** Like strcmp() except that it accepts NULL pointers. NULL sorts before
|