Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix DokuWiki shell issue
UNTESTED as of writing; reported by https://huntr.dev/users/redstarp2/
  • Loading branch information
divinity76 authored and jaapmarcus committed Jul 25, 2022
1 parent 67a57a6 commit 3d4c309
Showing 1 changed file with 22 additions and 15 deletions.
37 changes: 22 additions & 15 deletions web/src/app/WebApp/Installers/DokuWiki/DokuWikiSetup.php
Expand Up @@ -80,21 +80,28 @@ public function install(array $options = null, &$status=null)

$installUrl = $webDomain . "install.php";

$cmd = "curl --request POST "
. ($sslEnabled ? "" : "--insecure " )
. "--url $installUrl "
. "--header 'Content-Type: application/x-www-form-urlencoded' "
. "--data l=en "
. "--data 'd[title]=" . $options['wiki_name'] . "' "
. "--data 'd[acl]=on' "
. "--data 'd[superuser]=" . $options['superuser'] . "' "
. "--data 'd[fullname]=" . $options['real_name'] . "' "
. "--data 'd[email]=" . $options['email'] . "' "
. "--data 'd[password]=" . $options['password'] . "' "
. "--data 'd[confirm]=" . $options['password'] . "' "
. "--data 'd[policy]=" . substr($options['initial_ACL_policy'], 0, 1) . "' "
. "--data 'd[license]=" . explode(":", $options['content_license'])[0] . "' "
. "--data submit=";
$cmd = implode(" ", array(
"curl",
"--request POST",
($sslEnabled ? "" : "--insecure "),
"--url " . escapeshellarg($installUrl),
"--header 'Content-Type: application/x-www-form-urlencoded'",
'--data-binary ' . escapeshellarg(http_build_query(array(
"l" => "en",
"d" => array(
"title" => $options['wiki_name'],
'acl' => 'on',
'superuser' => $options['superuser'],
'fullname' => $options['real_name'],
'email' => $options['email'],
'password' => $options['password'],
'confirm' => $options['password'],
'policy' => substr($options['initial_ACL_policy'], 0, 1),
'license' => explode(":", $options['content_license'])[0]
),
'submit' => ''
)))
));

exec($cmd, $output, $return_var);
if($return_var > 0){
Expand Down

0 comments on commit 3d4c309

Please sign in to comment.