[Pkg-owncloud-commits] [owncloud] 125/199: Output validation for exec() method.

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 626e87aa542adaee123c7c4104411238b43b3333
Author: Andreas Fischer <bantu at owncloud.com>
Date:   Sun Feb 9 15:56:26 2014 +0100

    Output validation for exec() method.
---
 lib/private/largefilehelper.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/private/largefilehelper.php b/lib/private/largefilehelper.php
index ca8f752..751e60d 100644
--- a/lib/private/largefilehelper.php
+++ b/lib/private/largefilehelper.php
@@ -92,10 +92,15 @@ class LargeFileHelper {
 	public function getFilesizeViaExec($filename) {
 		if (\OC_Helper::is_function_enabled('exec')) {
 			$os = strtolower(php_uname('s'));
+			$result = '';
 			if (strpos($os, 'linux') !== false) {
-				return 0 + exec('stat -c %s ' . escapeshellarg($filename));
+				$result = trim(exec('stat -c %s ' . escapeshellarg($filename)));
 			} else if (strpos($os, 'bsd') !== false) {
-				return 0 + exec('stat -f %z ' . escapeshellarg($filename));
+				$result = trim(exec('stat -f %z ' . escapeshellarg($filename)));
+			}
+
+			if (ctype_digit($result)) {
+				return 0 + $result;
 			}
 		}
 		return null;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git