You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In lib/Occ.phpfunction execute() we escapeshellarg the parts of the command to be executed.
We make exceptions to that for parts of occ commands that we know we need to send aalready enclosed in quotes, like:
--display-name='User One'
' '
'A value that has space in it'
It gradually gets more complicated to let through these string patterns and escapeshellarg everything else.
If you enable the testing app, and you know the admin password, then you can already do lots of nasty things to your system. If you know the admin password, then you may also have command line access to your system anyway - so you can type any command that you like.
So why do we try to protect occ command execution from command injection?
The text was updated successfully, but these errors were encountered:
In
lib/Occ.php
function execute()
weescapeshellarg
the parts of the command to be executed.We make exceptions to that for parts of
occ
commands that we know we need to send aalready enclosed in quotes, like:It gradually gets more complicated to let through these string patterns and
escapeshellarg
everything else.If you enable the testing app, and you know the admin password, then you can already do lots of nasty things to your system. If you know the admin password, then you may also have command line access to your system anyway - so you can type any command that you like.
So why do we try to protect
occ
command execution from command injection?The text was updated successfully, but these errors were encountered: