Access Control - Edit: Escape submitted values in dig command.

2025-12-30 00:53:50 +00:00 · 2025-03-20 09:53:17 -06:00
parent bde4163c25
commit 9cf8da5a4a
1 changed files with 1 additions and 1 deletions
--- a/app/access_controls/access_control_edit.php
+++ b/app/access_controls/access_control_edit.php
@@ -202,7 +202,7 @@
 				//attempt digs
 				if (!empty($digs) && is_array($digs)) {
 					foreach ($digs as $dig) {
-						$response = shell_exec("dig +noall +answer ".$dig['value']." | awk '{ print $5 }'");
+						$response = shell_exec("dig +noall +answer ".escapeshellarg($dig['value'])." | awk '{ print $5 }'");
 						if (!empty($response)) {
 							$lines = explode("\n", $response);
 							foreach ($lines as $l => $line) {