diff options
| author | Andrey Andreev <narf@devilix.net> | 2017-07-17 12:14:00 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2017-07-17 12:14:00 +0200 |
| commit | 6cab78970f212a30ea923835510ffd1fb77a6ad0 (patch) | |
| tree | b64f47cd2d16564edab6d507e47c939770d73e6e /system/libraries/Image_lib.php | |
| parent | 29740e442a1d78bd65b569c92575cdbf4fc2d614 (diff) | |
[ci skip] escapeshellarg on the image src path passed to NetPBM by Image_lib
Diffstat (limited to 'system/libraries/Image_lib.php')
| -rw-r--r-- | system/libraries/Image_lib.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 88c9e7ede..8786d9d02 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -972,7 +972,7 @@ class CI_Image_lib { $cmd_inner = 'pnmscale -xysize '.$this->width.' '.$this->height; } - $cmd = $this->library_path.$cmd_in.' '.$this->full_src_path.' | '.$cmd_inner.' | '.$cmd_out.' > '.$this->dest_folder.'netpbm.tmp'; + $cmd = $this->library_path.$cmd_in.' '.escapeshellarg($this->full_src_path).' | '.$cmd_inner.' | '.$cmd_out.' > '.$this->dest_folder.'netpbm.tmp'; $retval = 1; // exec() might be disabled |