From 5094a24ce180e81b93962a2c72013897b936d061 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Sat, 22 Nov 2014 13:18:03 -0800
Subject: [PATCH] Leiden Classic queuing system: fix security vulnerability

---
 html/queue/README | 2 ++
 html/queue/user/queue_new_job_form_action.php | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/html/queue/README b/html/queue/README
index 44d6fe56d2..24618854b0 100644
--- a/html/queue/README
+++ b/html/queue/README
@@ -1,3 +1,5 @@
+// THIS SYSTEM IS NOT SUPPORTED BY BOINC. USE AT YOUR OWN RISK
+//
 // This directory contains a system that allows
 // users to submit jobs to a BOINC project.
 //
diff --git a/html/queue/user/queue_new_job_form_action.php b/html/queue/user/queue_new_job_form_action.php
index de6234d906..16be833f41 100644
--- a/html/queue/user/queue_new_job_form_action.php
+++ b/html/queue/user/queue_new_job_form_action.php
@@ -10,7 +10,7 @@ db_init();
 $timestr = time_str(time(0));
 $jobapplication = post_int( 'application' );
-$jobname = escapeshellcmd( $_POST[ 'name' ] );
+$jobname = escapeshellarg( $_POST[ 'name' ] );
 $jobinput = post_str( 'input' );
 $jobfops = post_int( 'fops' );
 $jobdisk = post_int( 'disk' );
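Review bot: Applying escapeshellarg() at the input-read site means `$jobname` carries the surrounding single quotes into every later use, not just the shell one — escapeshellarg() returns the value already quoted, so any place that stores or displays `$jobname` (not visible here) now sees a quoted string and is still not escaped for its own context such as SQL or HTML. The neighbouring fields are read through `post_str()`/`post_int()`; the name should be read the same way, `$jobname = post_str('name');`, validated against an allow-list of the characters a job name is expected to contain, and passed through `escapeshellarg()` only at the point where a shell command is built, which lies outside this hunk. Reading `$_POST['name']` directly also raises a notice when the field is absent, which the helper presumably handles. The hunk header announces seven old-side lines but only six are visible, so the hunk may continue past the end of this page.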