Don't pass the password in the shell argument

this should prevent some issues with escaping
2026-06-03 17:24:07 +02:00 · 2013-03-03 22:27:29 +01:00 · 2013-03-03 22:27:29 +01:00 · 7353a25b99
commit 7353a25b99
parent 6c4587eb10
2 changed files with 16 additions and 1 deletions
--- a/src/server.php
+++ b/src/server.php
@ -45,6 +45,20 @@ class Server {
 		return $this->user . '%' . $this->password;
 	}

+	/**
+	 * @return string
+	 */
+	public function getUser() {
+		return $this->user;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getPassword(){
+		return $this->password;
+	}
+
 	/**
 	 * return string
 	 */
--- a/src/share.php
+++ b/src/share.php
@ -32,9 +32,10 @@ class Share {
 		$this->server = $server;
 		$this->name = $name;

-		$command = Server::CLIENT . ' -N -U ' . $this->server->getAuthString() .
+		$command = Server::CLIENT . ' -U ' . escapeshellarg($this->server->getUser()) .
 			' //' . $this->server->getHost() . '/' . $this->name;
 		$this->connection = new Connection($command);
+		$this->connection->write($this->server->getPassword());
 	}

 	public function getName() {