  1. Islandora
  2. ISLANDORA-1999

Many calls to exec() are not sanitized and run values entered into the admin forms.

    Details

      Description

      In many cases, we call exec() on the path to a function that a user provides without sanitizing or checking that it's an executable.

      Audit all calls to exec() and escape or validate the input.

            People

            • Assignee:
              rosiel Rosie Le Faive
              Reporter:
              rosiel Rosie Le Faive
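One way to apply the "escape or validate" step from the description to a single exec() call, as an added example that is not part of the ticket and not Islandora code. The function names and sample values are hypothetical; the pattern validates the configured path as an existing executable file and quotes every token before it reaches the shell.

```php
<?php
// Added example, not Islandora code; all function names are hypothetical.

// Returns the canonical path if $path names an existing executable file, else NULL.
function example_validate_executable($path) {
  // Reject non-strings, empty values and embedded NUL bytes up front.
  if (!is_string($path) || $path === '' || strpos($path, "\0") !== FALSE) {
    return NULL;
  }
  // realpath() resolves symlinks and ../ segments; FALSE if nothing exists there.
  $real = realpath($path);
  if ($real === FALSE || !is_file($real) || !is_executable($real)) {
    return NULL;
  }
  return $real;
}

// Quotes the executable and each argument as a separate shell token.
function example_build_command($executable, array $args) {
  $parts = array(escapeshellarg($executable));
  foreach ($args as $arg) {
    $parts[] = escapeshellarg((string) $arg);
  }
  return implode(' ', $parts);
}

// Runs the configured binary; returns array(exit status, output lines),
// or NULL when the configured path fails validation.
function example_safe_exec($configured_path, array $args) {
  $executable = example_validate_executable($configured_path);
  if ($executable === NULL) {
    return NULL;
  }
  $output = array();
  $status = -1;
  exec(example_build_command($executable, $args), $output, $status);
  return array($status, $output);
}

// Constructed sample values standing in for what an admin form might store.
// A path with a shell command appended: not an existing file.
var_dump(example_safe_exec('/usr/bin/convert; id', array('-version')));
// The running PHP CLI binary, with an argument containing a shell metacharacter.
var_dump(example_safe_exec(PHP_BINARY, array('-r', 'echo 1+1;')));
```

Running the same validation when the admin form is submitted, as well as at call time, rejects a bad value before it is saved and catches a file that was removed or replaced afterwards.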