diff options
| author | Jay Freeman (saurik) <saurik@saurik.com> | 2015-07-05 01:17:17 -0700 |
|---|---|---|
| committer | Jay Freeman (saurik) <saurik@saurik.com> | 2015-07-05 01:21:46 -0700 |
| commit | d8b0f6e3ea8f6f9d95b039c1309b4c06413b8357 (patch) | |
| tree | 23b625bc17269e7cb645467eb04d07c16dd11570 | |
| parent | 688d4976aea1b292b5bcc3ea92096744255dd842 (diff) | |
Escape shell arguments passed to system and popen.v1.1.20
| -rw-r--r-- | MobileCydia.mm | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/MobileCydia.mm b/MobileCydia.mm index e03dee4..364b034 100644 --- a/MobileCydia.mm +++ b/MobileCydia.mm @@ -290,6 +290,10 @@ static _finline NSString *CydiaURL(NSString *path) { return [[NSString stringWithUTF8String:page] stringByAppendingString:path]; } +static NSString *ShellEscape(NSString *value) { + return [NSString stringWithFormat:@"'%@'", [value stringByReplacingOccurrencesOfString:@"'" withString:@"'\\''"]]; +} + static _finline void UpdateExternalStatus(uint64_t newStatus) { int notify_token; if (notify_register_check("com.saurik.Cydia.status", ¬ify_token) == NOTIFY_STATUS_OK) { @@ -4088,8 +4092,8 @@ class CydiaLogCleaner : struct stat info; if (stat([nextended UTF8String], &info) != -1 && (info.st_mode & S_IFMT) == S_IFREG) { - system([[NSString stringWithFormat:@"/usr/libexec/cydia/cydo /bin/mv -f %@ %@", nextended, oextended] UTF8String]); - system([[NSString stringWithFormat:@"/usr/libexec/cydia/cydo /bin/chown 0:0 %@", oextended] UTF8String]); + system([[NSString stringWithFormat:@"/usr/libexec/cydia/cydo /bin/mv -f %@ %@", ShellEscape(nextended), ShellEscape(oextended)] UTF8String]); + system([[NSString stringWithFormat:@"/usr/libexec/cydia/cydo /bin/chown 0:0 %@", ShellEscape(oextended)] UTF8String]); } unlink([nextended UTF8String]); @@ -4725,7 +4729,7 @@ static _H<NSMutableSet> Diversions_; - (NSNumber *) du:(NSString *)path { NSNumber *value(nil); - FILE *du(popen([[NSString stringWithFormat:@"/usr/libexec/cydia/cydo /usr/libexec/cydia/du -ks %@", path] UTF8String], "r")); + FILE *du(popen([[NSString stringWithFormat:@"/usr/libexec/cydia/cydo /usr/libexec/cydia/du -ks %@", ShellEscape(path)] UTF8String], "r")); if (du != NULL) { char line[1024]; while (fgets(line, sizeof(line), du) != NULL) { @@ -9349,7 +9353,7 @@ _end @synchronized (self) { for (Package *broken in (id) broken_) { [broken remove]; - NSString *id([broken id]); + NSString *id(ShellEscape([broken id])); system([[NSString stringWithFormat:@"/usr/libexec/cydia/cydo /bin/rm -f" " /var/lib/dpkg/info/%@.prerm" " /var/lib/dpkg/info/%@.postrm" |