octoleo
/
lsyncd
mirror of https://github.com/octoleo/lsyncd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: direct mode allows injecting unauthorized filesystem operations

This commit is contained in:
Marcin Szewczyk 2015-10-27 15:18:26 +01:00
parent cce7db5ebd
commit c4f4ac3e01
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
default-direct.lua
View File

@ -109,13 +109,13 @@ direct.action = function(inlet)
error('Refusing to erase your harddisk!') error('Refusing to erase your harddisk!')
end end
local command = '/bin/mv $1 $2 || /bin/rm -rf $1' local command = '/bin/mv "$1" "$2" || /bin/rm -rf "$1"'
if if
config.delete ~= true and config.delete ~= true and
config.delete ~= 'running' config.delete ~= 'running'
then then
command = '/bin/mv $1 $2' command = '/bin/mv "$1" "$2"'
end end
spawnShell( spawnShell(