security fix

fix bug : indexer did not start
2025-10-17 06:53:15 +00:00 · 2012-09-26 17:04:02 +02:00
parent bdc059028a
commit a078aac6da
1 changed files with 18 additions and 10 deletions
--- a/lib/classes/task/period/cindexer.class.php
+++ b/lib/classes/task/period/cindexer.class.php
@@ -222,13 +222,12 @@ class task_period_cindexer extends task_abstract
                    if(user.value)
                        cmd += " -u=" + user.value;
                    if(password.value)
-                        cmd += " -p=" + password.value;
+                        cmd += " -p=xxxxxx"; // + password.value;
                    if(socket.value)
                        cmd += " --socket=" + socket.value;
                    if(charset.value)
                        cmd += " --default-character-set=" + charset.value;
-                    if(use_sbas.checked)
-                        cmd += " -o";
+                    cmd += " -o";
                    if(nolog.checked)
                        cmd += " -n";
                    if(clng.value)
@@ -395,16 +394,14 @@ class task_period_cindexer extends task_abstract
        }
        if ($this->password) {
            $args[] = '-p=' . $this->password;
-            $args_nopwd[] = '-p=******';
+            $args_nopwd[] = '-p=xxxxxxx';
        }
        if ($this->socket) {
            $args[] = '--socket=' . $this->socket;
            $args_nopwd[] = '--socket=' . $this->socket;
        }
-        if ($this->use_sbas) {
-            $args[] = '-o';
-            $args_nopwd[] = '-o';
-        }
+        $args[] = '-o';
+        $args_nopwd[] = '-o';
        if ($this->charset) {
            $args[] = '--default-character-set=' . $this->charset;
            $args_nopwd[] = '--default-character-set=' . $this->charset;
@@ -460,9 +457,20 @@ class task_period_cindexer extends task_abstract

        $pipes = array();

-        $this->log(sprintf('cmd=\'%s %s\'', $cmd, implode(' ', $args_nopwd)));
+        $logcmd = $cmd;
+        foreach ($args_nopwd as $arg)
+        {
+            $logcmd .= ' ' . escapeshellarg($arg);
+        }

-        $process = proc_open($cmd . ' ' . implode(' ', $args), $descriptors, $pipes, $this->binpath, null, array('bypass_shell' => true));
+        $this->log(sprintf('cmd=\'%s\'', escapeshellcmd($logcmd) ));
+
+        $execmd = $cmd;
+        foreach ($args as $arg)
+        {
+            $execmd .= ' ' . escapeshellarg($arg);
+        }
+        $process = proc_open(escapeshellcmd($execmd), $descriptors, $pipes, $this->binpath, null, array('bypass_shell' => true));

        $pid = NULL;
        if (is_resource($process)) {