From 3d4c309cf138943cfd1e71ae51556406987aa4bf Mon Sep 17 00:00:00 2001
From: hanshenrik
Date: Sun, 24 Jul 2022 18:22:41 +0200
Subject: [PATCH] fix DokuWiki shell issue

UNTESTED as of writing; reported by https://huntr.dev/users/redstarp2/
---
 .../Installers/DokuWiki/DokuWikiSetup.php | 37 +++++++++++--------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/web/src/app/WebApp/Installers/DokuWiki/DokuWikiSetup.php b/web/src/app/WebApp/Installers/DokuWiki/DokuWikiSetup.php
index 8886d7acc3..4c4a473c65 100644
--- a/web/src/app/WebApp/Installers/DokuWiki/DokuWikiSetup.php
+++ b/web/src/app/WebApp/Installers/DokuWiki/DokuWikiSetup.php
@@ -80,21 +80,28 @@ public function install(array $options = null, &$status=null)
 $installUrl = $webDomain . "install.php";
- $cmd = "curl --request POST "
- . ($sslEnabled ? "" : "--insecure " )
- . "--url $installUrl "
- . "--header 'Content-Type: application/x-www-form-urlencoded' "
- . "--data l=en "
- . "--data 'd[title]=" . $options['wiki_name'] . "' "
- . "--data 'd[acl]=on' "
- . "--data 'd[superuser]=" . $options['superuser'] . "' "
- . "--data 'd[fullname]=" . $options['real_name'] . "' "
- . "--data 'd[email]=" . $options['email'] . "' "
- . "--data 'd[password]=" . $options['password'] . "' "
- . "--data 'd[confirm]=" . $options['password'] . "' "
- . "--data 'd[policy]=" . substr($options['initial_ACL_policy'], 0, 1) . "' "
- . "--data 'd[license]=" . explode(":", $options['content_license'])[0] . "' "
- . "--data submit=";
+ $cmd = implode(" ", array(
+ "curl",
+ "--request POST",
+ ($sslEnabled ? "" : "--insecure "),
+ "--url " . escapeshellarg($installUrl),
+ "--header 'Content-Type: application/x-www-form-urlencoded'",
+ '--data-binary ' . escapeshellarg(http_build_query(array(
+ "l" => "en",
+ "d" => array(
+ "title" => $options['wiki_name'],
+ 'acl' => 'on',
+ 'superuser' => $options['superuser'],
+ 'fullname' => $options['real_name'],
+ 'email' => $options['email'],
+ 'password' => $options['password'],
+ 'confirm' => $options['password'],
+ 'policy' => substr($options['initial_ACL_policy'], 0, 1),
+ 'license' => explode(":", $options['content_license'])[0]
+ ),
+ 'submit' => ''
+ )))
+ ));
 exec($cmd, $output, $return_var);
 if($return_var > 0){
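Review bot: The escapeshellarg() wrapping closes the shell-injection path, but the superuser name and password are still passed to curl as command-line arguments, so they remain readable by any local user through the process list for as long as curl runs; the commit does not address this. Build the form body into a variable and hand it to curl on stdin with `--data-binary @-` through proc_open (or, if the curl extension is available in this PHP build, call it directly), so the credentials never appear in argv. While touching the invocation, drop the stray trailing space in `"--insecure "` and consider adding `--fail`, since without it an HTTP error response from install.php still exits 0 and the `$return_var > 0` check below reports success. The enclosing install() method starts and ends outside the hunk, so verify that later code relies on `$output` only as an array of lines before adopting the stdin variant.
```php
$body = http_build_query(array(
    // … unchanged: the same l / d[...] / submit fields …
));
$cmd = implode(" ", array(
    "curl",
    "--request POST",
    "--fail",
    ($sslEnabled ? "" : "--insecure"),
    "--url " . escapeshellarg($installUrl),
    "--header 'Content-Type: application/x-www-form-urlencoded'",
    "--data-binary @-",
));
// Credentials travel over the pipe, not in argv, so they are not visible in the process list.
$proc = proc_open($cmd, array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")), $pipes);
fwrite($pipes[0], $body);
fclose($pipes[0]);
$output = explode("\n", rtrim(stream_get_contents($pipes[1]), "\n"));
fclose($pipes[1]);
fclose($pipes[2]);
$return_var = proc_close($proc);
// … unchanged: if($return_var > 0){ … } error handling …
```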