]> git.openstreetmap.org Git - nominatim.git/blobdiff - lib/cmd.php
projects / nominatim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #1557 from mtmail/document-boundingbox
[nominatim.git] / lib / cmd.php
diff --git a/lib/cmd.php b/lib/cmd.php
index 32fdc8576de70157382e2733f3875a0ac5d728e3..77878c153c73f90440fcbf532413c68ca13dab40 100644 (file)
--- a/lib/cmd.php
+++ b/lib/cmd.php
@@ -148,12 +148,14 @@ function runSQLScript($sScript, $bfatal = true, $bVerbose = false, $bIgnoreError
     // Convert database DSN to psql parameters
     $aDSNInfo = \Nominatim\DB::parseDSN(CONST_Database_DSN);
     if (!isset($aDSNInfo['port']) || !$aDSNInfo['port']) $aDSNInfo['port'] = 5432;
-    $sCMD = 'psql -p '.$aDSNInfo['port'].' -d '.$aDSNInfo['database'];
+    $sCMD = 'psql'
+        .' -p '.escapeshellarg($aDSNInfo['port'])
+        .' -d '.escapeshellarg($aDSNInfo['database']);
     if (isset($aDSNInfo['hostspec']) && $aDSNInfo['hostspec']) {
-        $sCMD .= ' -h ' . $aDSNInfo['hostspec'];
+        $sCMD .= ' -h ' . escapeshellarg($aDSNInfo['hostspec']);
     }
     if (isset($aDSNInfo['username']) && $aDSNInfo['username']) {
-        $sCMD .= ' -U ' . $aDSNInfo['username'];
+        $sCMD .= ' -U ' . escapeshellarg($aDSNInfo['username']);
     }
     $aProcEnv = null;
     if (isset($aDSNInfo['password']) && $aDSNInfo['password']) {
Open Source search based on OpenStreetMap data