Opened 10 years ago

Closed 9 years ago

#7817 closed patch (fixed)

Add quoting to the location passed to the weather parsers

Reported by: knight@… Owned by: Rob Smith
Priority: trivial Milestone: 0.24
Component: Plugin - MythWeb Version: head
Severity: low Keywords: wearther, quoting
Cc: Ticket locked: no

Description

Hi,

This quotes the location passed to the weather parsers so that its content is not interpreted by the command line parser.

The same kind of quoting was already done during the search of the city/town/region.

Thank you,

Nick

Attachments (2)

weather.diff (731 bytes) - added by knight@… 10 years ago.
WeatherScreen.diff (624 bytes) - added by Miguel Yarza <miguel.yarza@…> 9 years ago.
Fix for GetData? function runScript argument escaping

Download all attachments as: .zip

Change History (9)

Changed 10 years ago by knight@…

Attachment: weather.diff added

comment:1 Changed 10 years ago by dstancl@…

Another solution: add escapeshellcmd to method WeatherScreen::runScript:

$command  = escapeshellcmd("$script $args");

comment:2 in reply to:  1 Changed 10 years ago by Nicolas Riendeau <knight@…>

Replying to dstancl@…:

Another solution: add escapeshellcmd to method WeatherScreen::runScript:

$command  = escapeshellcmd("$script $args");

The description of what this does sounds to me like it could cause problems with some parsers.

Interesting command though... (-;

comment:3 Changed 9 years ago by Rob Smith

Resolution: fixed
Status: newclosed

(In [24932]) Fixes #7817, this should do escaping properly for all the shell tasks in the weather module

comment:4 Changed 9 years ago by Miguel Yarza <miguel.yarza@…>

Resolution: fixed
Status: closednew

There is an error in the GetData function runScript argument escaping, last two arguments are being escaped together.

I got it working escaping arguments separately:

$output_array = $this->runScript($script, '-u '. escapeshellarg($units) 
.' -d '. escapeshellarg(getcwd() .'/'. data) .' '. escapeshellarg($location));

I attach a diff against [24932] with the fix.

Changed 9 years ago by Miguel Yarza <miguel.yarza@…>

Attachment: WeatherScreen.diff added

Fix for GetData? function runScript argument escaping

comment:5 Changed 9 years ago by robertm

Status: newassigned

comment:6 Changed 9 years ago by Rob Smith

Milestone: unknown0.24

comment:7 Changed 9 years ago by Rob Smith

Resolution: fixed
Status: assignedclosed

(In [26223]) Fixes #7817, this properly escapes the location argument with the mythweather module in mythweb

Note: See TracTickets for help on using tickets.