From: pk910 Date: Mon, 17 Oct 2011 23:32:36 +0000 (+0200) Subject: only escape user parameters on cmd_extscript X-Git-Tag: v5.3~290 X-Git-Url: http://git.pk910.de/?p=NeonServV5.git;a=commitdiff_plain;h=16aed74911eb352c322cd2ed38508881b144ac28 only escape user parameters on cmd_extscript --- diff --git a/src/cmd_neonserv_extscript.c b/src/cmd_neonserv_extscript.c index 53b173d..35f81bc 100644 --- a/src/cmd_neonserv_extscript.c +++ b/src/cmd_neonserv_extscript.c @@ -32,6 +32,7 @@ CMD_BIND(neonserv_cmd_extscript) { int commandpos = 0; char part[MAXLEN]; int partpos; + int escape_param; int answere_channel = 0; //check first arg if(argc && !stricmp(argv[0], "toys")) { @@ -66,6 +67,7 @@ CMD_BIND(neonserv_cmd_extscript) { commandpos = sprintf(command, "%s", argv[0]); for(i = 1; i < argc-1; i++) { partpos = 0; + escape_param = 1; if(argv[i][0] == '$') { argv[i]++; if(argv[i][strlen(argv[i])-1] == '-') { @@ -88,20 +90,24 @@ CMD_BIND(neonserv_cmd_extscript) { } } else { partpos = sprintf(part, "%s", argv[i]); + escape_param = 0; } //escape shell argument command[commandpos++] = ' '; - command[commandpos++] = '\''; - for(j = 0; j < partpos; j++) { - if(part[j] == '\'') { - command[commandpos++] = '\''; - command[commandpos++] = '\\'; - command[commandpos++] = '\''; - command[commandpos++] = '\''; - } else - command[commandpos++] = part[j]; - } - command[commandpos++] = '\''; + if(escape_param) { + command[commandpos++] = '\''; + for(j = 0; j < partpos; j++) { + if(part[j] == '\'') { + command[commandpos++] = '\''; + command[commandpos++] = '\\'; + command[commandpos++] = '\''; + command[commandpos++] = '\''; + } else + command[commandpos++] = part[j]; + } + command[commandpos++] = '\''; + } else + commandpos += sprintf(command + commandpos, " %s", part); } command[commandpos] = '\0'; //we should now have a valid command