The branch "FRAMEWORK_5_2" has been updated. The following is a summary of the commits.
from: c790839e7f7c33121626aa49278a039a5e282768 2f39693 Sanitize more arguments to protect against RCE. e254f50 Fix escaping in Watermark effect. 95d74c6 Must use addslashes here. Summary: https://github.com/horde/Image/compare/c790839e7f7c...95d74c6ab715 ----------------------------------------------------------------------- commit 2f3969305ebdad5704032f2ef5fc732cfc5ff1b8 Author: farisv <[email protected]> Date: Wed, 21 Nov 2018 11:11:43 -0500 Sanitize more arguments to protect against RCE. M lib/Horde/Image/Im.php https://github.com/horde/Image/commit/2f3969305ebdad5704032f2ef5fc732cfc5ff1b8 ----------------------------------------------------------------------- commit e254f500d8dbd7f4f3afafc6d131e9b9c500ccd1 Author: Michael J Rubinsky <[email protected]> Date: Wed, 21 Nov 2018 11:11:55 -0500 Fix escaping in Watermark effect. Current escaping breaks the command by wrapping the already double quoted value in single quotes, and potentially unevenly escaping quote characters in the string. M lib/Horde/Image/Effect/Im/TextWatermark.php https://github.com/horde/Image/commit/e254f500d8dbd7f4f3afafc6d131e9b9c500ccd1 ----------------------------------------------------------------------- commit 95d74c6ab7158729ca9f7c4ff140dc687a8a40d2 Author: Michael J Rubinsky <[email protected]> Date: Wed, 21 Nov 2018 11:12:07 -0500 Must use addslashes here. We don't want the entire string single quoted. M lib/Horde/Image/Im.php https://github.com/horde/Image/commit/95d74c6ab7158729ca9f7c4ff140dc687a8a40d2 -- commits mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: [email protected]
