From 49dceb4dc1a30a3d3e9c0b0ef834f69ce3887ea6 Mon Sep 17 00:00:00 2001
From: Laurent Giovannoni <laurent.giovannoni@maarch.org>
Date: Thu, 19 Nov 2015 15:38:22 +0000
Subject: [PATCH] FIX #3076 protect exec

---
 core/trunk/core/docservers_tools.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/trunk/core/docservers_tools.php b/core/trunk/core/docservers_tools.php
index 9b2da1e8a2e..a823e96de10 100644
--- a/core/trunk/core/docservers_tools.php
+++ b/core/trunk/core/docservers_tools.php
@@ -470,7 +470,10 @@ function Ds_setRights($dest)
         && (isset($GLOBALS['apacheUserAndGroup'])
         && $GLOBALS['apacheUserAndGroup'] <> '')
     ) {
-        exec('chown ' . $GLOBALS['apacheUserAndGroup'] . ' ' . $dest);
+        exec('chown ' 
+            . escapeshellarg($GLOBALS['apacheUserAndGroup']) . ' ' 
+            . escapeshellarg($dest)
+        );
     }
     umask(0022);
     chmod($dest, 0770);
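Review bot: The rebuilt `chown` call quotes both operands but never ends option parsing, so a `$dest` or `$GLOBALS['apacheUserAndGroup']` value that begins with `-` is still read by chown as an option; `escapeshellarg()` only stops the shell from interpreting metacharacters. Putting `--` before the operands closes that gap: `exec('chown -- ' . escapeshellarg($GLOBALS['apacheUserAndGroup']) . ' ' . escapeshellarg($dest), $out, $rc);`. The exit status is also discarded, so a failed ownership change goes unnoticed and execution continues to `chmod($dest, 0770)`; checking `$rc !== 0` and logging or returning an error would surface it. Ds_setRights starts and ends outside this hunk, so whether `$dest` is validated or canonicalised earlier cannot be seen here.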
-- 
GitLab