diff options
author | ivan <ivan> | 2009-11-03 19:56:47 +0000 |
---|---|---|
committer | ivan <ivan> | 2009-11-03 19:56:47 +0000 |
commit | 95053c1edcfa416ff272a4e5afd421316410a715 (patch) | |
tree | 2586d9031d009006b032cf27cff83365f7d5a7cd /FS/bin/freeside-paymentech-upload | |
parent | 761b6b889a02b9ec593fdba70484dbf07b28d172 (diff) |
check for zip and unzip commands, use multi-arg version of system to prevent the shell getting its hands on things (metacharacters in pw or whatnot), RT#5650
Diffstat (limited to 'FS/bin/freeside-paymentech-upload')
-rwxr-xr-x | FS/bin/freeside-paymentech-upload | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/FS/bin/freeside-paymentech-upload b/FS/bin/freeside-paymentech-upload index 08a59c5dc..985095e68 100755 --- a/FS/bin/freeside-paymentech-upload +++ b/FS/bin/freeside-paymentech-upload @@ -25,6 +25,8 @@ sub usage { " my $user = shift or die &usage; adminsuidsetup $user; +my $zip_check = `which zip` or die "can't find zip executable\n"; + my @batches; if($opt_a) { @@ -60,7 +62,8 @@ foreach my $pay_batch (@batches) { print OUT $text; close OUT; - system("zip -P $password -q -j $tmpdir/$filename.zip $tmpdir/$filename.xml"); + system('zip', '-P', '$password', '-q', '-j', + "$tmpdir/$filename.zip", "$tmpdir/$filename.xml"); die "failed to create zip file\n" if (! -f "$tmpdir/$filename.zip" ); push @filenames, $filename; |