From: Roan Kattouw <catrope@users.mediawiki.org>
Date: Tue, 20 Jul 2010 13:11:53 +0000 (+0000)
Subject: Followup to r69553: double-escape arguments because we're feeding them to a shell... 
X-Git-Tag: 1.31.0-rc.0~36049
X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=1a40d8ef822de4e9f5ce6c8c0ce4959867144dbc;p=lhc%2Fweb%2Fwiklou.git

Followup to r69553: double-escape arguments because we're feeding them to a shell twice
---

diff --git a/maintenance/addwiki.php b/maintenance/addwiki.php
index 2e2f10889e..8e7cbfc49c 100644
--- a/maintenance/addwiki.php
+++ b/maintenance/addwiki.php
@@ -150,12 +150,13 @@ class AddWiki extends Maintenance {
 		# passthru( '/home/wikipedia/conf/interwiki/update' );
 		
 		$time = wfTimestamp( TS_RFC2822 );
-		$escDbName = wfEscapeShellArg( $dbname );
-		$escTime = wfEscapeShellArg( $time );
-		$escUcsite = wfEscapeShellArg( $ucsite );
-		$escName = wfEscapeShellArg( $name );
-		$escLang = wfEscapeShellArg( $lang );
-		$escDomain = wfEscapeShellArg( $domain );
+		// These arguments need to be escaped twice: once for echo and once for at
+		$escDbName = wfEscapeShellArg( wfEscapeShellArg( $dbname ) );
+		$escTime = wfEscapeShellArg( wfEscapeShellArg( $time ) );
+		$escUcsite = wfEscapeShellArg( wfEscapeShellArg( $ucsite ) );
+		$escName = wfEscapeShellArg( wfEscapeShellArg( $name ) );
+		$escLang = wfEscapeShellArg( wfEscapeShellArg( $lang ) );
+		$escDomain = wfEscapeShellArg( wfEscapeShellArg( $domain ) );
 		shell_exec( "echo notifyNewProjects $escDbName $escTime $escUcsite $escName $escLang $escDomain | at now + 15 minutes" );
 		
 		$this->output( "Script ended. You still have to: