diff options
| author | ivan <ivan> | 2009-11-03 19:56:47 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2009-11-03 19:56:47 +0000 |
| commit | 95053c1edcfa416ff272a4e5afd421316410a715 (patch) | |
| tree | 2586d9031d009006b032cf27cff83365f7d5a7cd /FS/bin/freeside-paymentech-download | |
| parent | 761b6b889a02b9ec593fdba70484dbf07b28d172 (diff) | |
check for zip and unzip commands, use multi-arg version of system to prevent the shell getting its hands on things (metacharacters in pw or whatnot), RT#5650
Diffstat (limited to 'FS/bin/freeside-paymentech-download')
| -rwxr-xr-x | FS/bin/freeside-paymentech-download | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/FS/bin/freeside-paymentech-download b/FS/bin/freeside-paymentech-download index 8fb4bccb8..f4e0391ab 100755 --- a/FS/bin/freeside-paymentech-download +++ b/FS/bin/freeside-paymentech-download @@ -30,6 +30,8 @@ if ( $opt_a ) { unless -w $opt_a; } +my $unzip_check = `which unzip` or die "can't find unzip executable\n"; + #my $tmpdir = File::Temp->newdir(); my $tmpdir = tempdir( CLEANUP => 1 ); #DIR=>somewhere? @@ -64,9 +66,10 @@ BATCH: foreach my $filename (@files) { } #unzip file - system("unzip -P $password -q $tmpdir/${filename}_resp.zip -d $tmpdir"); + system('unzip', '-P', '$password', '-q', + "$tmpdir/${filename}_resp.zip", '-d', $tmpdir); if(! -f "$tmpdir/${filename}_resp.xml") { - warn "failed to extract ${filename}_resp.xml\n"; + warn "failed to extract ${filename}_resp.xml from ${filename}_resp.zip\n"; next BATCH; } |