Usage of "escapeshellarg" has been added to…

Usage of "escapeshellarg" has been added to "yii\console\controllers\AssetController::actionCompress()".

Usage of "escapeshellarg" has been added to…
2c930ae2 · Klimov Paul · d3beeb7d · 2c930ae2
Commit 2c930ae2 authored May 16, 2013 by Klimov Paul
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

AssetController.php yii/console/controllers/AssetController.php +4 -4

No files found.
--- a/yii/console/controllers/AssetController.php
+++ b/yii/console/controllers/AssetController.php
@@ -365,8 +365,8 @@ EOD
 			$tmpFile = $outputFile . '.tmp';
 			$this->combineJsFiles($inputFiles, $tmpFile);
 			$log = shell_exec(strtr($this->jsCompressor, array(
-				'{from}' => $tmpFile,
-				'{to}' => $outputFile,
+				'{from}' => escapeshellarg($tmpFile),
+				'{to}' => escapeshellarg($outputFile),
 			)));
 			@unlink($tmpFile);
 		} else {
@@ -385,8 +385,8 @@ EOD
 			$tmpFile = $outputFile . '.tmp';
 			$this->combineCssFiles($inputFiles, $tmpFile);
 			$log = shell_exec(strtr($this->cssCompressor, array(
-				'{from}' => $tmpFile,
-				'{to}' => $outputFile,
+				'{from}' => escapeshellarg($tmpFile),
+				'{to}' => escapeshellarg($outputFile),
 			)));
 			@unlink($tmpFile);
 		} else {