[freeside-commits] freeside/FS/bin freeside-paymentech-upload, 1.3, 1.4 freeside-paymentech-download, 1.3, 1.4

Tue Nov 3 11:56:49 PST 2009

Update of /home/cvs/cvsroot/freeside/FS/bin
In directory wavetail.420.am:/tmp/cvs-serv13029

Modified Files:
	freeside-paymentech-upload freeside-paymentech-download 
Log Message:
check for zip and unzip commands, use multi-arg version of system to prevent the shell getting its hands on things (metacharacters in pw or whatnot), RT#5650

Index: freeside-paymentech-upload
===================================================================
RCS file: /home/cvs/cvsroot/freeside/FS/bin/freeside-paymentech-upload,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4

--- freeside-paymentech-upload	3 Nov 2009 19:11:26 -0000	1.3
+++ freeside-paymentech-upload	3 Nov 2009 19:56:46 -0000	1.4
@@ -25,6 +25,8 @@
 my $user = shift or die &usage;
 adminsuidsetup $user;
 
+my $zip_check = `which zip` or die "can't find zip executable\n";
+
 my @batches; 
 
 if($opt_a) {
@@ -60,7 +62,8 @@
   print OUT $text;
   close OUT;
 
-  system("zip -P $password -q -j $tmpdir/$filename.zip $tmpdir/$filename.xml");
+  system('zip', '-P', '$password', '-q', '-j',
+           "$tmpdir/$filename.zip", "$tmpdir/$filename.xml");
 
   die "failed to create zip file\n" if (! -f "$tmpdir/$filename.zip" );
   push @filenames, $filename;

Index: freeside-paymentech-download
===================================================================
RCS file: /home/cvs/cvsroot/freeside/FS/bin/freeside-paymentech-download,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- freeside-paymentech-download	3 Nov 2009 19:11:25 -0000	1.3
+++ freeside-paymentech-download	3 Nov 2009 19:56:47 -0000	1.4
@@ -30,6 +30,8 @@
     unless -w $opt_a;
 }
 
+my $unzip_check = `which unzip` or die "can't find unzip executable\n";
+
 #my $tmpdir = File::Temp->newdir();
 my $tmpdir = tempdir( CLEANUP => 1 ); #DIR=>somewhere?
 
@@ -64,9 +66,10 @@
   }
 
   #unzip file
-  system("unzip -P $password -q $tmpdir/${filename}_resp.zip -d $tmpdir");
+  system('unzip', '-P', '$password', '-q',
+           "$tmpdir/${filename}_resp.zip", '-d', $tmpdir);
   if(! -f "$tmpdir/${filename}_resp.xml") {
-    warn "failed to extract ${filename}_resp.xml\n";
+    warn "failed to extract ${filename}_resp.xml from ${filename}_resp.zip\n";
     next BATCH;
   }
 

