Changeset 1168 for www


Ignore:
Timestamp:
Sep 30, 2006, 11:46:04 PM (13 years ago)
Author:
Sam Hocevar
Message:
  • Use escapeshellarg() instead of escapeshellcmd().
  • Increased input string limit to 40.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • www/toilet.html

    r1167 r1168  
    4646
    4747<? $submit = $_POST['submit'];
    48    $text = substr($_POST['text'], 0, 30);
     48   $text = substr(stripslashes($_POST['text']), 0, 40);
    4949   $font = $_POST['font'];
    5050   $fontlist = array('emboss', 'emboss2', 'smbraille');
     
    6767  <blockquote>
    6868    <p><pre>
    69       <? exec($path.'/src/toilet -d '.$path.'/fonts -f "'.$fontlist[$font].'" "'.escapeshellcmd($text).'" | sed "s/\x1b[^m]*m//g"', &$result);
     69      <? exec($path.'/src/toilet -d '.$path.'/fonts -f "'.$fontlist[$font].'" '.escapeshellarg($text).' | sed "s/\x1b[^m]*m//g"', &$result);
    7070         foreach($result as $line)
    7171             echo "\n".htmlspecialchars($line);
Note: See TracChangeset for help on using the changeset viewer.