cpeel
commented
2 years ago TEST and PROD have both been updated with this code.
Closed cpeel closed 2 years ago
cpeel
commented
2 years ago TEST and PROD have both been updated with this code.
Using
escapeshellarg()to escape user inputs being passed as args is all that is necessary before running a command.escapeshellcmd()can double encode unmatched double- and single-quotes when used withescapeshellarg().https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36 is an interesting read.
Testable at https://www.pgdp.org/~cpeel/ppwb