mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2025-12-23 22:37:53 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add quotes around dbUser and dbPass to prevent command injection

Browse Source
This commit is contained in:
Isaac Connor
2024-01-02 14:00:34 -05:00
parent f6100f9f79
commit cd303111e5
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/zmcamtool.pl.in
View File

@@ -103,7 +103,9 @@ GetOptions(
) or pod2usage(-exitstatus => -1);
$Config{ZM_DB_USER} = $dbUser;
$dbUser =~ s/'/\\'/g;
$Config{ZM_DB_PASS} = $dbPass;
$dbPass =~ s/'/\\'/g;
if ( $version ) {
print( ZoneMinder::Base::ZM_VERSION . "\n");
@@ -345,9 +347,9 @@ sub exportsql {
my $command = 'mysqldump -t --skip-opt --compact -h'.$host;
$command .= ' -P'.$port if defined($port);
if ( $dbUser ) {
$command .= ' -u'.$dbUser;
$command .= ' -u\''.$dbUser.'\'';
if ( $dbPass ) {
$command .= ' -p'.$dbPass;
$command .= ' -p\''.$dbPass.'\'';
}
}