- changed milestone to Feb 27
-
assigned issue to
Check for “command-line injection”
Issue #37
resolved
We currently pass the parameters directly from params
to command line, which is very dangerous.
Comments (10)
-
-
- changed component to t: portal-core
- marked as major
-
- changed milestone to Apr 01
-
- changed component to t: portal
-
- removed milestone
What do we need to do specifically here?
If nothing specific, I want to close it with
wontfix
-
reporter Investigate and add
.shellescape
to respective strings, like in pull request #140 -
- changed status to resolved
Applying
shellescape
to prevent command line injection (fixing#37)→ <<cset f9c3501238c0>>
-
more: Applying
shellescape
to prevent command line injection (fixing#37)→ <<cset fb0486025287>>
-
Merged in liahsheep/cnpaas-portal/fix-cli-injection (pull request #168)
Applying
shellescape
to prevent command line injection (fixing#37)→ <<cset 360dddc400a8>>
-
reporter - changed component to Portal
- Log in to comment