Merge pull request #264 from ZoneMinder/improvezmpkg

Use proper DBI parameter passing in zmpkg.pl to improve security
pull/269/head
Kyle Johnson 2013-12-13 10:34:48 -08:00
commit c3c3cfbfb9
1 changed files with 3 additions and 3 deletions


@ -57,9 +57,9 @@ if ( !$command || $command !~ /^(?:start|stop|restart|status|logrot)$/ )
if ( $command )
{
# Check to see if it's a valid run state
my $sql = "select * from States where Name = '$command'";
my $sql = 'select * from States where Name = ?';
my $sth = $dbh->prepare_cached( $sql ) or Fatal( "Can't prepare '$sql': ".$dbh->errstr() );
my $res = $sth->execute() or Fatal( "Can't execute: ".$sth->errstr() );
my $res = $sth->execute( $command ) or Fatal( "Can't execute: ".$sth->errstr() );
if ( $state = $sth->fetchrow_hashref() )
{
$state->{Name} = $command;
@ -138,7 +138,7 @@ if ( $command =~ /^(?:stop|restart)$/ )
}
}
runCommand( "zmupdate.pl -f" );
#runCommand( "zmupdate.pl -f" );
if ( $command =~ /^(?:start|restart)$/ )
{