Do not split command input on comma

owncloud / testing

🔧 app for testing ownCloud

GNU Affero General Public License v3.0

3 stars 4 forks source link

Do not split command input on comma #8

Closed phil-davis closed 6 years ago

phil-davis commented 6 years ago

The code to receive a request for an occ command first escapes each of the parameters, in order to protect against callers trying to do extra tricky bash things.

The code splits the command by both whitespace and comma.

We do not want to split by comma, because a single command argument might have a real, ordinary, comma in it. e.g. the config:system:set command is getting an option that takes a JSON string. The JSON string often has commas in it. We do not want to mess that up.

patrickjahns commented 6 years ago

Please remember after merging, to move the Tag latest to the new master HEAD https://github.com/owncloud/testing#publish-latest-version-as-github-release

( Maybe we should also automate that part )