Skip to content

Commit

Permalink
Escape MaxMind database file wget command
Browse files Browse the repository at this point in the history 
Fix #1297
  • Loading branch information
@endelwar
endelwar committed Jan 24, 2024
1 parent 27cb35c commit 97aa05c
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
- Validate on new exim id format (#1294)
- Permit + and = chars in email for sendmail (#1291)
- Fix Message Listing on Mysql 8+ (#1295)
- Fix MaxMind database download when curl extension is not available (#1297)

## 1.2.21
### Improvements
Expand Down
6 changes: 4 additions & 2 deletions mailscanner/geoip_update.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,11 +137,13 @@
}
}

exec(
'wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination'],
$command = escapeshellcmd('wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination']);
$result = exec(
$command,
$output_wget,
$retval_wget
);

if ($retval_wget > 0) {
echo __('downbad15') . ' ' . $file['description'] . "<br>\n";
} else {
Expand Down
3 changes: 2 additions & 1 deletion tools/Cron_jobs/mailwatch_geoip_update.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,8 +133,9 @@
}
}

$command = escapeshellcmd('wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination']);
exec(
'wget ' . $proxyString . ' -N ' . $files_base_url . $file['path'] . ' -O ' . $file['destination'],
$command,
$output_wget,
$retval_wget
);
Expand Down

2 comments on commit 97aa05c

@MatKra84
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for quick response.

My config:
AlmaLinux 9, PHP (from OS repo):
PHP 8.0.30 (cli) (built: Aug 3 2023 17:13:08) ( NTS gcc x86_64 )

when I force 'wget' (geoip_update.php) ex. :

82: if (!function_exists('fsockopen') || !extension_loaded('curl')) {

it works now fine but otherwise I get:

Downloading file, please wait...
Error occurred while downloading GeoIP data file: Response could not be parsed
Download complete, unpacking files...

Fatal error: Uncaught UnexpectedValueException: internal corruption of phar "/var/www/html/mailwatch/temp/GeoLite2-Country.tar.gz" (truncated entry) in /var/www/html/mailwatch/geoip_update.php:158 Stack trace: #0 /var/www/html/mailwatch/geoip_update.php(158): PharData->__construct() #1 {main} thrown in /var/www/html/mailwatch/geoip_update.php on line 158

(geoLite2-Country.tar.gz file is empty)

@endelwar
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found it, will release a fix in a moment

Please sign in to comment.