X-Git-Url: http://git.rot13.org/?p=BackupPC.git;a=blobdiff_plain;f=bin%2FBackupPC_archiveHost;h=e66c241f80d10651e73de77bdddefce4b3cb4fc3;hp=2416df35271602daecd1c641643d6fd9d2351a8f;hb=1e64554b4812c6fccce5aa853aee8a7a6a85987f;hpb=5b79f9a3c01bca16dd4d211e76fc53daa549e421

diff --git a/bin/BackupPC_archiveHost b/bin/BackupPC_archiveHost
index 2416df3..e66c241 100755
--- a/bin/BackupPC_archiveHost
+++ b/bin/BackupPC_archiveHost
@@ -1,4 +1,4 @@
-#!/bin/perl
+#!/usr/bin/perl
 #=============================================================
 #
 # BackupPC_archiveHost: Archive files for a single host
@@ -20,7 +20,7 @@
 #   Josh Marshall
 #
 # COPYRIGHT
-#   Copyright (C) 2001-2007  Craig Barratt
+#   Copyright (C) 2001-2009  Craig Barratt
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -38,7 +38,7 @@
 #
 #========================================================================
 #
-# Version 3.1.0, released 25 Nov 2007.
+# Version 3.2.0, released 31 Jul 2010.
 #
 # See http://backuppc.sourceforge.net.
 #
@@ -77,6 +77,10 @@ die("BackupPC::Lib->new failed\n") if ( !(my $bpc = BackupPC::Lib->new) );
 # Make sure the specified programs are executable
 #
 foreach my $prog ( ($tarCreate, $compPath, $splitPath, $parPath) ) {
+    if ( $prog =~ /[][;&()<>{}|^\n\r\t *\$\\'"`?]/ ) {
+        print("Error: executable path $prog contains suspicious characters\n");
+        exit(1);
+    }
     next if ( $prog eq "" || -x $prog );
     print("Error: $prog is not an executable program\n");
     exit(1);
@@ -88,6 +92,10 @@ my $mesg = "Writing tar archive for host $host, backup #$bkupNum";
 #
 $share       = $bpc->shellEscape($share);
 $host        = $bpc->shellEscape($host);
+$bkupNum     = $bpc->shellEscape($bkupNum);
+$fileExt     = $bpc->shellEscape($fileExt);
+$splitSize   = $bpc->shellEscape($splitSize);
+$parfile     = $bpc->shellEscape($parfile);
 my $outLocE  = $bpc->shellEscape($outLoc);
 
 #
@@ -114,7 +122,7 @@ if ( -b $outLoc || -c $outLoc || -f $outLoc ) {
     # Output file is a device or a regular file, so don't use split
     #
     $cmd  .= ">> $outLocE";
-    $mesg .= " to $outLocE";
+    $mesg .= " to $outLoc";
 } else {
     mkpath($outLoc) if ( !-d $outLoc );
     if ( !-d $outLoc ) {
@@ -146,7 +154,7 @@ if ( $ret ) {
 # ie: not a tape device).
 #
 if ( -d $outLoc && -x $parPath ) {
-    if ( $parfile != 0 ) {
+    if ( length($parfile) ) {
         print("Running $parPath to create parity files\n");
 	my $parCmd = "$parPath c -r$parfile $outLocE/$host.$bkupNum.tar$fileExt.par2 $outLocE/$host.$bkupNum.tar$fileExt*";
         $ret = system($parCmd);