RCE is bad please take it away

This commit is contained in:
southerntofu 2020-04-28 19:14:03 +00:00
parent 299d1784e9
commit 6347324899
1 changed files with 2 additions and 2 deletions

View File

@ -40,9 +40,9 @@ if (!isset($decoded["repository"]["html_url"])) {
exit();
}
$repo = $decoded["repository"]["html_url"];
// Please no Remote Code Execution
$repo = escapeshellarg($decoded["repository"]["html_url"]);
// TODO: looks dangerous but i have no clue what PHP is doing here
$secret = shell_exec("forgehook secret ".$repo);
if ($secret == NULL) {