X-Git-Url: http://git.rot13.org/?p=BackupPC.git;a=blobdiff_plain;f=bin%2FBackupPC_archiveHost;h=3147476692d4d9af880f5dcb6f6c78d24af5adcd;hp=f5535f1b9703266f9602e7751c190e648f6ff55b;hb=f6fbcc3682d2bc9e7dfdc26e95bd5fcdb359496d;hpb=fda25dc88a63ccac1c80efa2e4994bf0725ca9b7

diff --git a/bin/BackupPC_archiveHost b/bin/BackupPC_archiveHost
index f5535f1..3147476 100755
--- a/bin/BackupPC_archiveHost
+++ b/bin/BackupPC_archiveHost
@@ -1,4 +1,4 @@
-#!/bin/perl
+#!/usr/bin/perl
 #=============================================================
 #
 # BackupPC_archiveHost: Archive files for a single host
@@ -38,7 +38,7 @@
 #
 #========================================================================
 #
-# Version 3.1.0, released 25 Nov 2007.
+# Version 3.2.0beta0, released 5 April 2009.
 #
 # See http://backuppc.sourceforge.net.
 #
@@ -77,6 +77,10 @@ die("BackupPC::Lib->new failed\n") if ( !(my $bpc = BackupPC::Lib->new) );
 # Make sure the specified programs are executable
 #
 foreach my $prog ( ($tarCreate, $compPath, $splitPath, $parPath) ) {
+    if ( $prog =~ /[][;&()<>{}|^\n\r\t *\$\\'"`?]/ ) {
+        print("Error: executable path $prog contains suspicious characters\n");
+        exit(1);
+    }
     next if ( $prog eq "" || -x $prog );
     print("Error: $prog is not an executable program\n");
     exit(1);
@@ -86,8 +90,13 @@ my $mesg = "Writing tar archive for host $host, backup #$bkupNum";
 #
 # Build the command we will run
 #
-$share  = $bpc->shellEscape($share);
-$host   = $bpc->shellEscape($host);
+$share       = $bpc->shellEscape($share);
+$host        = $bpc->shellEscape($host);
+$bkupNum     = $bpc->shellEscape($bkupNum);
+$fileExt     = $bpc->shellEscape($fileExt);
+$splitSize   = $bpc->shellEscape($splitSize);
+$parfile     = $bpc->shellEscape($parfile);
+my $outLocE  = $bpc->shellEscape($outLoc);
 
 #
 # We prefer to use /bin/csh because the exit status of a pipeline
@@ -112,7 +121,7 @@ if ( -b $outLoc || -c $outLoc || -f $outLoc ) {
     #
     # Output file is a device or a regular file, so don't use split
     #
-    $cmd  .= ">> $outLoc";
+    $cmd  .= ">> $outLocE";
     $mesg .= " to $outLoc";
 } else {
     mkpath($outLoc) if ( !-d $outLoc );
@@ -121,11 +130,11 @@ if ( -b $outLoc || -c $outLoc || -f $outLoc ) {
         exit(1);
     }
     if ( $splitSize > 0 && -x $splitPath ) {
-        $cmd  .= "| $splitPath -b $splitSize - $outLoc/$host.$bkupNum.tar$fileExt.";
-        $mesg .= ", split to output files $outLoc/$host.$bkupNum.tar$fileExt.*";
+        $cmd  .= "| $splitPath -b $splitSize - $outLocE/$host.$bkupNum.tar$fileExt.";
+        $mesg .= ", split to output files $outLocE/$host.$bkupNum.tar$fileExt.*";
     } else {
-        $cmd  .= "> $outLoc/$host.$bkupNum.tar$fileExt";
-        $mesg .= " to output file $outLoc/$host.$bkupNum.tar$fileExt";
+        $cmd  .= "> $outLocE/$host.$bkupNum.tar$fileExt";
+        $mesg .= " to output file $outLocE/$host.$bkupNum.tar$fileExt";
     }
 }
 print("$mesg\n");
@@ -145,9 +154,9 @@ if ( $ret ) {
 # ie: not a tape device).
 #
 if ( -d $outLoc && -x $parPath ) {
-    if ( $parfile != 0 ) {
+    if ( length($parfile) ) {
         print("Running $parPath to create parity files\n");
-	my $parCmd = "$parPath c -r$parfile $outLoc/$host.$bkupNum.tar$fileExt.par2 $outLoc/$host.$bkupNum.tar$fileExt*";
+	my $parCmd = "$parPath c -r$parfile $outLocE/$host.$bkupNum.tar$fileExt.par2 $outLocE/$host.$bkupNum.tar$fileExt*";
         $ret = system($parCmd);
         if ( $ret ) {
 	    print("Executing: $parCmd\n");