Commit 2c930ae2 by Klimov Paul

Usage of "escapeshellarg" has been added to…

Usage of "escapeshellarg" has been added to "yii\console\controllers\AssetController::actionCompress()".
parent d3beeb7d
...@@ -365,8 +365,8 @@ EOD ...@@ -365,8 +365,8 @@ EOD
$tmpFile = $outputFile . '.tmp'; $tmpFile = $outputFile . '.tmp';
$this->combineJsFiles($inputFiles, $tmpFile); $this->combineJsFiles($inputFiles, $tmpFile);
$log = shell_exec(strtr($this->jsCompressor, array( $log = shell_exec(strtr($this->jsCompressor, array(
'{from}' => $tmpFile, '{from}' => escapeshellarg($tmpFile),
'{to}' => $outputFile, '{to}' => escapeshellarg($outputFile),
))); )));
@unlink($tmpFile); @unlink($tmpFile);
} else { } else {
...@@ -385,8 +385,8 @@ EOD ...@@ -385,8 +385,8 @@ EOD
$tmpFile = $outputFile . '.tmp'; $tmpFile = $outputFile . '.tmp';
$this->combineCssFiles($inputFiles, $tmpFile); $this->combineCssFiles($inputFiles, $tmpFile);
$log = shell_exec(strtr($this->cssCompressor, array( $log = shell_exec(strtr($this->cssCompressor, array(
'{from}' => $tmpFile, '{from}' => escapeshellarg($tmpFile),
'{to}' => $outputFile, '{to}' => escapeshellarg($outputFile),
))); )));
@unlink($tmpFile); @unlink($tmpFile);
} else { } else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment