From 2ff5e1ea2a61a68c759658dd998bf32b5e85f23d Mon Sep 17 00:00:00 2001 From: Manuel Dalla Lana Date: Wed, 24 Jan 2024 08:47:48 +0100 Subject: [PATCH] Escape MaxMind database file wget command --- CHANGELOG.md | 1 + mailscanner/geoip_update.php | 6 ++++-- tools/Cron_jobs/mailwatch_geoip_update.php | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8985be5b..56c89e15f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - Validate on new exim id format (#1294) - Permit + and = chars in email for sendmail (#1291) - Fix Message Listing on Mysql 8+ (#1295) +- Fix MaxMind database download when curl extension is not available (#1297) ## 1.2.21 ### Improvements diff --git a/mailscanner/geoip_update.php b/mailscanner/geoip_update.php index ad376e723..3ea036241 100644 --- a/mailscanner/geoip_update.php +++ b/mailscanner/geoip_update.php @@ -137,11 +137,13 @@ } } - exec( - 'wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination'], + $command = escapeshellcmd('wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination']); + $result = exec( + $command, $output_wget, $retval_wget ); + if ($retval_wget > 0) { echo __('downbad15') . ' ' . $file['description'] . "
\n"; } else { diff --git a/tools/Cron_jobs/mailwatch_geoip_update.php b/tools/Cron_jobs/mailwatch_geoip_update.php index 7a06f70cc..759e8c171 100755 --- a/tools/Cron_jobs/mailwatch_geoip_update.php +++ b/tools/Cron_jobs/mailwatch_geoip_update.php @@ -133,8 +133,9 @@ } } + $command = escapeshellcmd('wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination']); exec( - 'wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination'], + $command, $output_wget, $retval_wget );