fix: avoid using escapeshellcmd() by injecting $body via STDIN. not very elegant, but keeps with the spirit of escapeshellcmd()
This commit is contained in:
+5
-1
@@ -310,7 +310,11 @@ if(isset($_GET['sendtest']) && $_GET['sendtest'] == "true") {
|
||||
$body = str_replace("\$overlap", $overlap, $body);
|
||||
$body = str_replace("\$flickrimage", $exampleimage, $body);
|
||||
|
||||
echo "<pre class=\"bash\">".shell_exec($home."/BirdNET-Pi/birdnet/bin/apprise -vv --plugin-path ".$home."/.apprise/plugins "." -t '".escapeshellcmd($title)."' -b '".escapeshellcmd($body)."' ".$attach." ".$cf." ")."</pre>";
|
||||
$temp = tmpfile();
|
||||
$tpath = stream_get_meta_data($temp)['uri'];
|
||||
fwrite($temp, $body);
|
||||
echo "<pre class=\"bash\">".shell_exec($home."/BirdNET-Pi/birdnet/bin/apprise -vv --plugin-path ".$home."/.apprise/plugins "." -t '".escapeshellcmd($title)."' ".$attach." ".$cf." <".$tpath)."</pre>";
|
||||
fclose($temp);
|
||||
|
||||
die();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user