Sanitize inputs BEFORE constructing a command string

author: Joseph Hunkeler <jhunkeler@gmail.com> 2019-12-31 01:57:13 -0500
committer: Joseph Hunkeler <jhunkeler@gmail.com> 2019-12-31 01:57:13 -0500
commit: 553c5233d35b7648045a928004fdfc05b4e0d965 (patch)
tree: 6afb95cfe8ef1252e8d9619984ca754c7ddc2881 /src/fs.c
parent: 96145d5fdc0d695414f200c2afa372818f4857df (diff)
download: spmc-553c5233d35b7648045a928004fdfc05b4e0d965.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/src/fs.c b/src/fs.c
index bedfec1..1ee7901 100644
--- a/src/fs.c
+++ b/src/fs.c
@@ -294,9 +294,11 @@ int rsync(const char *_args, const char *_source, const char *_destination) {
         strcat(args_combined, _args);
     }
 
+    strchrdel(args_combined, "&;|");
+    strchrdel(source, "&;|");
+    strchrdel(destination, "&;|");
+
     snprintf(cmd, PATH_MAX, "rsync %s \"%s\" \"%s\" 2>&1", args_combined, source, destination);
-    // sanitize command
-    strchrdel(cmd, "&;|");
     shell(&proc, SHELL_OUTPUT, cmd);
     if (!proc) {
         if (args) {
author	Joseph Hunkeler <jhunkeler@gmail.com>	2019-12-31 01:57:13 -0500
committer	Joseph Hunkeler <jhunkeler@gmail.com>	2019-12-31 01:57:13 -0500
commit	553c5233d35b7648045a928004fdfc05b4e0d965 (patch)
tree	6afb95cfe8ef1252e8d9619984ca754c7ddc2881 /src/fs.c
parent	96145d5fdc0d695414f200c2afa372818f4857df (diff)
download	spmc-553c5233d35b7648045a928004fdfc05b4e0d965.tar.gz