Hi Caius, hopefully you can shed some light on this... I did a search for escapeshellarg on the oss.conicus.de code browser: https://oss.gonicus.de/labs/gosa/search?q=escapeshellargThe list shown gives a good overview on where to address the escapeshellarg issue.
However, all the commits shown on that page (around r19478) date back to a time before 2.6.11 (version in Debian squeeze) was released. So next thing I wonder about is: the shellarg escaping has been completely removed from the hook handling again.
I cannot confirm what has been reported in one of the above reports: 2.6.12 does not have fixes for the issue reported here.
For 2.6.12 I find this page: https://oss.gonicus.de/labs/gosa/browser/trunk/gosa-core/html/password.php?rev=20607 saying at its top: We do not need to escape check hook commands.So, I am actually a little helpless here... Caius, do you think you can take a look? The guy who did the commits upstream was User ,,hickert''. Maybe he can be asked, too?
For Debian Edu we have to get this issue fixed somehow. Any help is well appreciated!!!
Thanks, mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
pgpWQ36UGh4iO.pgp
Description: Digitale PGP-Unterschrift