X-Git-Url: https://git.openstreetmap.org./nominatim.git/blobdiff_plain/75f951d254127d8857b6ad95cac241917f88e542..d53af96aa49dfe74d4c54d375fbc6dce111faae1:/lib/cmd.php diff --git a/lib/cmd.php b/lib/cmd.php index 43669069..77878c15 100644 --- a/lib/cmd.php +++ b/lib/cmd.php @@ -120,11 +120,6 @@ function showUsage($aSpec, $bExit = false, $sError = false) exit; } -function chksql($oSql, $sMsg = false) -{ - return $oSql; -} - function info($sMsg) { echo date('Y-m-d H:i:s == ').$sMsg."\n"; @@ -153,12 +148,14 @@ function runSQLScript($sScript, $bfatal = true, $bVerbose = false, $bIgnoreError // Convert database DSN to psql parameters $aDSNInfo = \Nominatim\DB::parseDSN(CONST_Database_DSN); if (!isset($aDSNInfo['port']) || !$aDSNInfo['port']) $aDSNInfo['port'] = 5432; - $sCMD = 'psql -p '.$aDSNInfo['port'].' -d '.$aDSNInfo['database']; + $sCMD = 'psql' + .' -p '.escapeshellarg($aDSNInfo['port']) + .' -d '.escapeshellarg($aDSNInfo['database']); if (isset($aDSNInfo['hostspec']) && $aDSNInfo['hostspec']) { - $sCMD .= ' -h ' . $aDSNInfo['hostspec']; + $sCMD .= ' -h ' . escapeshellarg($aDSNInfo['hostspec']); } if (isset($aDSNInfo['username']) && $aDSNInfo['username']) { - $sCMD .= ' -U ' . $aDSNInfo['username']; + $sCMD .= ' -U ' . escapeshellarg($aDSNInfo['username']); } $aProcEnv = null; if (isset($aDSNInfo['password']) && $aDSNInfo['password']) {