From 1a40d8ef822de4e9f5ce6c8c0ce4959867144dbc Mon Sep 17 00:00:00 2001 From: Roan Kattouw Date: Tue, 20 Jul 2010 13:11:53 +0000 Subject: [PATCH] Followup to r69553: double-escape arguments because we're feeding them to a shell twice --- maintenance/addwiki.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/maintenance/addwiki.php b/maintenance/addwiki.php index 2e2f10889e..8e7cbfc49c 100644 --- a/maintenance/addwiki.php +++ b/maintenance/addwiki.php @@ -150,12 +150,13 @@ class AddWiki extends Maintenance { # passthru( '/home/wikipedia/conf/interwiki/update' ); $time = wfTimestamp( TS_RFC2822 ); - $escDbName = wfEscapeShellArg( $dbname ); - $escTime = wfEscapeShellArg( $time ); - $escUcsite = wfEscapeShellArg( $ucsite ); - $escName = wfEscapeShellArg( $name ); - $escLang = wfEscapeShellArg( $lang ); - $escDomain = wfEscapeShellArg( $domain ); + // These arguments need to be escaped twice: once for echo and once for at + $escDbName = wfEscapeShellArg( wfEscapeShellArg( $dbname ) ); + $escTime = wfEscapeShellArg( wfEscapeShellArg( $time ) ); + $escUcsite = wfEscapeShellArg( wfEscapeShellArg( $ucsite ) ); + $escName = wfEscapeShellArg( wfEscapeShellArg( $name ) ); + $escLang = wfEscapeShellArg( wfEscapeShellArg( $lang ) ); + $escDomain = wfEscapeShellArg( wfEscapeShellArg( $domain ) ); shell_exec( "echo notifyNewProjects $escDbName $escTime $escUcsite $escName $escLang $escDomain | at now + 15 minutes" ); $this->output( "Script ended. You still have to: -- 2.20.1