From 6c83bc5a2edfe2fc85d27ac10dd2b7bf97177b63 Mon Sep 17 00:00:00 2001
From: cark <lp0@tilde.club>
Date: Fri, 20 Aug 2021 16:55:11 +0100
Subject: [PATCH] escape shell arg

---
 static/man.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/man.php b/static/man.php
index fb206f6..d807aa5 100644
--- a/static/man.php
+++ b/static/man.php
@@ -21,7 +21,7 @@ $command = $_GET["command"];
 echo $command;
 $output=null;
 $retval=null;
-exec('man --html=cat ' . $command , $output, $retval);
+exec('man --html=cat '.escapeshellarg($command) , $output, $retval);
 echo "Returned with status $retval and output:\n"; 
 foreach ($output as $line): ?>
 <?=$line?>