Actions
Bug #4026
closed
native_ms/dnscmd providers should use shell escaping when running commands
Description
The two Windows providers (native_ms/dnscmd) should escape incoming data which is currently passed straight to the cmd.exe shell.
Assigning Sam as he's already looked a bit at this.
More discussion: https://github.com/theforeman/smart-proxy/pull/127/files#r8814677
Updated by Dominic Cleal almost 10 years ago
- Related to Feature #3991: dnscmd provider for smart-proxy (Windows) added
Updated by Stephen Benjamin over 9 years ago
- Related to Tracker #5409: DNS Proxy Improvements added
Updated by Anonymous over 6 years ago
- Assignee changed from Sam Kottler to Anonymous
Dmitry, I guess this can be closed?
Updated by Anonymous over 6 years ago
I don't think this can be closed -- dns_dnscmd provider doesn't escape data passed to it.
Updated by The Foreman Bot over 2 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/796 added
Updated by Anna Vítová over 2 years ago
- Assignee changed from Anonymous to Anna Vítová
Updated by Anonymous about 2 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset 9522669b7287b62a8bc073f6f8abb5554184e57d.
Actions