  1. Islandora
  2. ISLANDORA-1853

Instances of escapeshellcmd() where escapeshellarg() is required

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      Specifically here and here and possibly here (cancel that third one, it's already sanitized)

      In each of these cases, a path to a file is being passed into the invocation of exec() without being escaped; escapeshellcmd() is being relied upon instead, which cannot account for cases where the path needs to be escaped and in quotes (e.g., if there is a space in the path).

      While this is typically not an issue (Large Image typically runs these on a sanitized temporary file), modules implementing these commands and others that rely on them, such as islandora_large_image_imagemagick_convert, will throw warnings and fail to function when providing files with spaces in them.

      These lines should be modified so that any variables referencing paths are escaped through escapeshellarg().
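
      The difference described above can be seen with a short script. This is an added example, not Islandora code: it assumes a POSIX shell, uses `printf` as a stand-in for the real converter command, and the paths and the `args_seen()` helper are constructed for illustration.

```php
<?php
/**
 * Runs a `printf '%s,' ...` command line and returns the arguments the
 * shell actually passed to printf, i.e. how the line was split.
 * Hypothetical helper for this example only.
 */
function args_seen(string $command): array {
  $out = [];
  exec($command, $out);
  // printf emitted "arg1,arg2,": drop the trailing comma and split.
  return explode(',', rtrim(implode("\n", $out), ','));
}

// Constructed sample paths: one with a space, one with a space and a quote.
$paths = ['/tmp/large image.tif', "/tmp/o'brien scan.tif"];

foreach ($paths as $path) {
  // Pattern from the issue: the whole command string goes through
  // escapeshellcmd(). It backslash-escapes shell metacharacters and
  // unpaired quotes but leaves spaces alone, so the path is split in two.
  $whole = escapeshellcmd("printf '%s,' $path");

  // Fix from the issue: each path goes through escapeshellarg(), which
  // single-quotes it so the shell passes it as exactly one argument.
  $per_arg = "printf '%s,' " . escapeshellarg($path);

  printf("path:           %s\n", $path);
  printf("escapeshellcmd: %s\n  argv: %s\n", $whole,
    json_encode(args_seen($whole), JSON_UNESCAPED_SLASHES));
  printf("escapeshellarg: %s\n  argv: %s\n\n", $per_arg,
    json_encode(args_seen($per_arg), JSON_UNESCAPED_SLASHES));
}
```

      Wrapping the interpolated path in hand-written quotes before calling escapeshellcmd() handles the space but not a path that itself contains a quote character, which is why each path should go through escapeshellarg() instead.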

            People

            • Assignee:
              daitken Daniel Aitken
              Reporter:
              daitken Daniel Aitken