-rw-r--r-- | packages/spamd_db.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php
index 10cf7a26..5acc093f 100644
--- a/packages/spamd_db.php
+++ b/packages/spamd_db.php
@@ -35,7 +35,7 @@ if($_POST['filter'])
 if($_POST['not'])
 $not = true;
 if($_POST['limit'])
- $limit = $_POST['limit'];
+ $limit = intval($_POST['limit']);
 else
 $limit = "25";
@@ -321,12 +321,12 @@ if (typeof getURL == 'undefined') {
 if($filter) {
 if($not) {
 $fd = fopen("/tmp/spamdb", "w");
- $cmd = "/usr/local/sbin/spamdb | grep -v \"" . $filter . "\" | tail -n {$limit}";
+ $cmd = "/usr/local/sbin/spamdb | grep -v \"" . escapeshellarg($filter) . "\" | tail -n {$limit}";
 fwrite($fd, $cmd);
 fclose($fd);
 $pkgdb = split("\n", `$cmd`);
 if(file_exists("/var/db/blacklist.txt")) {
- $cmd = "cat /var/db/blacklist.txt | grep -v \"" . $filter . "\" ";
+ $cmd = "cat /var/db/blacklist.txt | grep -v \"" . escapeshellarg($filter) . "\" ";
 $pkgdba = split("\n", `$cmd`);
 foreach($pkgdba as $pkg) {
 $pkgdb[] = "TRAPPED|{$pkg}|1149324397";
@@ -334,11 +334,11 @@ if (typeof getURL == 'undefined') {
 }
 } else {
- $cmd = "/usr/local/sbin/spamdb | grep \"{$filter}\" | tail -n {$limit}";
+ $cmd = "/usr/local/sbin/spamdb | grep " . escapeshellarg($filter) . " | tail -n {$limit}";
 $pkgdb = split("\n", `$cmd`);
 if(file_exists("/var/db/blacklist.txt")) {
- $cmd = "cat /var/db/blacklist.txt | grep \"{$filter}\" ";
+ $cmd = "cat /var/db/blacklist.txt | grep " . escapeshellarg($filter);
 $pkgdba = split("\n", `$cmd`);
 foreach($pkgdba as $pkg) {
 $pkgdb[] = "TRAPPED|{$pkg}|1149324397"; |
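Review bot: In the second hunk (the `$not` branch) escapeshellarg($filter) is still wrapped in literal double quotes on both added lines (`grep -v \"" . escapeshellarg($filter) . "\"`), so the pattern grep receives now contains escapeshellarg's own single quotes, and the shell still performs `$`/backtick expansion inside the surrounding double quotes — escapeshellarg's single-quoting only protects the value when it is passed as a bare argument, which is what the third hunk correctly does. Change the two lines to `$cmd = "/usr/local/sbin/spamdb | grep -v " . escapeshellarg($filter) . " | tail -n {$limit}";` and `$cmd = "cat /var/db/blacklist.txt | grep -v " . escapeshellarg($filter);` so all four call sites use the same bare-argument form. The hunk also keeps writing `$cmd` to the fixed path /tmp/spamdb before executing it; that predates this change, but now that the command embeds request-supplied text it is worth reconsidering whether that file is needed at all. The enclosing `if($filter)` block continues past the end of the hunk.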