Leiden Classic queuing system: fix security vulnerability

2014-11-22 13:18:03 -08:00 · 2014-11-22 13:18:03 -08:00 · 5094a24ce1
parent 6b9205b3a1
commit 5094a24ce1
2 changed files with 3 additions and 1 deletions
--- a/html/queue/README
+++ b/html/queue/README
@ -1,3 +1,5 @@
+// THIS SYSTEM IS NOT SUPPORTED BY BOINC.  USE AT YOUR OWN RISK
+//
 // This directory contains a system that allows
 // users to submit jobs to a BOINC project.
 //
--- a/html/queue/user/queue_new_job_form_action.php
+++ b/html/queue/user/queue_new_job_form_action.php
@ -10,7 +10,7 @@ db_init();
 $timestr           = time_str(time(0));

 $jobapplication    = post_int( 'application' ); 
-$jobname           = escapeshellcmd( $_POST[ 'name' ] );
+$jobname           = escapeshellarg( $_POST[ 'name' ] );
 $jobinput          = post_str( 'input' );
 $jobfops           = post_int( 'fops' );
 $jobdisk           = post_int( 'disk' );