fix: avoid using escapeshellcmd() by injecting $body via STDIN. not very elegant, but keeps with the spirit of escapeshellcmd()
This commit is contained in:
+5
-1
@@ -310,7 +310,11 @@ if(isset($_GET['sendtest']) && $_GET['sendtest'] == "true") {
|
|||||||
$body = str_replace("\$overlap", $overlap, $body);
|
$body = str_replace("\$overlap", $overlap, $body);
|
||||||
$body = str_replace("\$flickrimage", $exampleimage, $body);
|
$body = str_replace("\$flickrimage", $exampleimage, $body);
|
||||||
|
|
||||||
echo "<pre class=\"bash\">".shell_exec($home."/BirdNET-Pi/birdnet/bin/apprise -vv --plugin-path ".$home."/.apprise/plugins "." -t '".escapeshellcmd($title)."' -b '".escapeshellcmd($body)."' ".$attach." ".$cf." ")."</pre>";
|
$temp = tmpfile();
|
||||||
|
$tpath = stream_get_meta_data($temp)['uri'];
|
||||||
|
fwrite($temp, $body);
|
||||||
|
echo "<pre class=\"bash\">".shell_exec($home."/BirdNET-Pi/birdnet/bin/apprise -vv --plugin-path ".$home."/.apprise/plugins "." -t '".escapeshellcmd($title)."' ".$attach." ".$cf." <".$tpath)."</pre>";
|
||||||
|
fclose($temp);
|
||||||
|
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user