YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

[fix] prevent shell injections

Browse source
This commit is contained in:
Laurent Peuch 2017-08-18 02:34:46 +02:00
parent d16f3f81d0
commit c8c7fe7fc7
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
helpers.lua
View file

@ -842,7 +842,7 @@ end
function hash_password(password)
-- TODO is the password checked by regex? we don't want to
-- allow shell injection
local mkpasswd = io.popen("mkpasswd --method=sha-512 '" ..password.."'")
local mkpasswd = io.popen("mkpasswd --method=sha-512 '" ..password:gsub("'", "'\\''").."'")
local hashed_password = "{CRYPT}"..mkpasswd:read()
mkpasswd:close()
return hashed_password