From a9970aa2d0f32e2dd2de8fd837b369e3cf92ee37 Mon Sep 17 00:00:00 2001
From: Liam McLoughlin <hexxeh@hexxeh.net>
Date: Wed, 27 Jul 2011 21:25:15 +0100
Subject: Fix broken shell filter

---
 web/process.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/web/process.php b/web/process.php
index 1daaa86..cadbf98 100644
--- a/web/process.php
+++ b/web/process.php
@@ -31,19 +31,19 @@
     function sanitize_shellarg($arg) {
         return escapeshellarg($arg);
     }
-    define("FILTER_SANITIZE_SHELL", array("options" => "sanitize_shellarg"));
+    $shellfilter = array("options" => "sanitize_shellarg");
 
     $buildID = uniqid();
     $bootMegabytes = filter_input(INPUT_POST, "boot_size", FILTER_VALIDATE_INT);
     $swapMegabytes = filter_input(INPUT_POST, "swap_size", FILTER_VALIDATE_INT);
     $rootMegabytes = filter_input(INPUT_POST, "root_size", FILTER_VALIDATE_INT);
-    $timezone = filter_input(INPUT_POST, "timezone", FILTER_SANITIZE_SHELL);
-    $hostname = filter_input(INPUT_POST, "hostname", FILTER_SANITIZE_SHELL);
-    $username =  filter_input(INPUT_POST, "username", FILTER_SANITIZE_SHELL);
-    $password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_SHELL);
-    $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_SANITIZE_SHELL);
-    $packagesList = filter_input(INPUT_POST, "packages", FILTER_SANITIZE_SHELL);
-    $outputFormat = filter_input(INPUT_POST, "format", FILTER_SANITIZE_SHELL);
+    $timezone = filter_input(INPUT_POST, "timezone", FILTER_CALLBACK, $shellfilter);
+    $hostname = filter_input(INPUT_POST, "hostname", FILTER_CALLBACK, $shellfilter);
+    $username =  filter_input(INPUT_POST, "username", FILTER_CALLBACK, $shellfilter);
+    $password = filter_input(INPUT_POST, "password", FILTER_CALLBACK, $shellfilter);
+    $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_CALLBACK, $shellfilter);
+    $packagesList = filter_input(INPUT_POST, "packages", FILTER_CALLBACK, $shellfilter);
+    $outputFormat = filter_input(INPUT_POST, "format", FILTER_CALLBACK, $shellfilter);
 
     $packagesList = str_replace("\r\n", " ", $packagesList);
     $packagesList = str_replace("\n", " ", $packagesList);
-- 
cgit v1.2.3-65-gdbad