Project

General

Profile

Actions

Bug #3321

closed

escapeshellcmd blacklisted results in configuration erroring out

Added by krileon about 12 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Start date:
06 March 2012
Due date:
% Done:

100%

Estimated time:
1:00 h

Description

When escapeshellcmd is blacklisted by a servers security it results in the configuration page displaying nothing or erroring out. Should check if function is available before attempting to use and if not just return $command as done for windows servers.


Files

3321.patch (756 Bytes) 3321.patch krileon, 06 March 2012 16:56
imgToolbox.class.php (31.9 KB) imgToolbox.class.php krileon, 06 March 2012 16:56

Updated by krileon about 12 years ago

Actions #2

Updated by beat almost 12 years ago

  • Target version changed from CB 1.8.1 to CB 1.9
Actions #3

Updated by beat over 11 years ago

  • Priority changed from Normal to High
Actions #4

Updated by beat over 11 years ago

  • Status changed from Resolved to Closed
  • Estimated time set to 1:00 h

This warning only appears when exec() is enabled !!!!

Means the server is really misconfigured !

On Unix servers we should not use exec without escapeshellcmd.

Allowing exec but not escapeshellcmd() is complete non-sense. Thus that case should be handled not as suggested, but we should check for that at same time as exec().

Thus fixed the issue differently than suggested.

Committed in r1880 .

Actions

Also available in: Atom PDF