fixup potential security hole

wkpark · May 5, 2015 · c805dfa · c805dfa
1 parent f697f98
commit c805dfa
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/plugin/processor/mimetex.php b/plugin/processor/mimetex.php
@@ -42,14 +42,15 @@ function processor_mimetex($formatter,$value) {
     $mimetex = str_replace ('shell:', '', $mimetex);
 
     $uniq = md5($tex);
+    $tex = escapeshellarg($tex);
 
     if ( ! file_exists ($cache_dir) ) {
       umask (000);
       mkdir ($cache_dir, 0777);
     }
 
     if ( $formatter->preview || $formatter->refresh || ! file_exists ("$cache_dir/$uniq.$ext")) {
-      $cmd = "$mimetex -e $cache_dir/$uniq.$ext \"$tex\"";
+      $cmd = "$mimetex -e $cache_dir/$uniq.$ext $tex";
       $fp = @popen ($cmd.$formatter->NULL, 'r');
       if ( ! is_resource ($fp) ) return $tex;
       pclose ($fp);