escape qrencode arguments in multibyte-safe way

This commit is contained in:
glaszig 2020-02-27 23:52:35 +00:00
parent 695ea7b969
commit ad1ca08de3
2 changed files with 16 additions and 1 deletions

View file

@ -2,6 +2,7 @@
require_once '../../includes/config.php';
require_once '../../includes/defaults.php';
require_once '../../includes/functions.php';
function qr_encode($str)
{
@ -34,7 +35,7 @@ $ssid = qr_encode($ssid);
$password = qr_encode($password);
$data = "WIFI:S:$ssid;T:$type;P:$password;$hidden;";
$command = "qrencode -t svg -m 0 -o - " . escapeshellarg($data);
$command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($data);
$svg = shell_exec($command);
$config_mtime = filemtime(RASPI_HOSTAPD_CONFIG);

View file

@ -332,3 +332,17 @@ function cache($key, $callback)
return $data;
}
}
// insspired by
// http://markushedlund.com/dev/php-escapeshellarg-with-unicodeutf-8-support
function mb_escapeshellarg($arg)
{
$isWindows = strtolower(substr(PHP_OS, 0, 3)) === 'win';
if ($isWindows) {
$escaped_arg = str_replace(array('"', '%'), '', $arg);
} else {
$escaped_arg = str_replace("'", "'\\''", $arg);
}
return "\"$escaped_arg\"";
}