Use escapeshellarg for spamd; remove unused echo.

author: jim-p <jimp@pfsense.org> 2014-02-18 16:15:54 -0500
committer: jim-p <jimp@pfsense.org> 2014-02-18 16:15:54 -0500
commit: a973e73b6fe151a342d5c998ed02c3fce482d006 (patch)
tree: 3db0645d2834c5124db6f2dd66d97a5005ca4702 /config/spamd/spamd_db.php
parent: 48a6f785e551967611ca49f40c05d1a567dd628e (diff)
download: pfsense-packages-a973e73b6fe151a342d5c998ed02c3fce482d006.tar.gz
pfsense-packages-a973e73b6fe151a342d5c998ed02c3fce482d006.tar.bz2
pfsense-packages-a973e73b6fe151a342d5c998ed02c3fce482d006.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index 112fdd71..c4c8ffe2 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -103,7 +103,7 @@ if($_POST['spamtrapemail'] <> "") {
 }
 
 if($_GET['getstatus'] <> "") {
-	$status = exec("/usr/local/sbin/spamdb | grep \"{$_GET['getstatus']}\"");
+	$status = exec("/usr/local/sbin/spamdb | grep " . escapeshellarg($_GET['getstatus']));
 	if(stristr($status, "WHITE") == true) {
 		echo "WHITE";
 	} else if(stristr($status, "TRAPPED") == true) {
author	jim-p <jimp@pfsense.org>	2014-02-18 16:15:54 -0500
committer	jim-p <jimp@pfsense.org>	2014-02-18 16:15:54 -0500
commit	a973e73b6fe151a342d5c998ed02c3fce482d006 (patch)
tree	3db0645d2834c5124db6f2dd66d97a5005ca4702 /config/spamd/spamd_db.php
parent	48a6f785e551967611ca49f40c05d1a567dd628e (diff)
download	pfsense-packages-a973e73b6fe151a342d5c998ed02c3fce482d006.tar.gz pfsense-packages-a973e73b6fe151a342d5c998ed02c3fce482d006.tar.bz2 pfsense-packages-a973e73b6fe151a342d5c998ed02c3fce482d006.zip