From 058d6e9acdd83fe93ffe65ddfb67d4ce5f1209d4 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@octopuce.fr>
Date: Wed, 29 Apr 2015 12:53:45 +0200
Subject: [PATCH] =?UTF-8?q?Fix=20for=20[1639]=C2=A0given=20by=20anonymous?=
 =?UTF-8?q?=20in=20CopyOneFile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bureau/class/m_bro.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/bureau/class/m_bro.php b/bureau/class/m_bro.php
index 47a72766..94008ed7 100644
--- a/bureau/class/m_bro.php
+++ b/bureau/class/m_bro.php
@@ -662,7 +662,7 @@ class m_bro {
     } else {
       $dest=$this->convertabsolute($dest,false);
     }
-    if (!$file || !$dest) {
+    if (!$file || !$dest || !is_readable($file)) {
       $err->raise("bro",_("File or folder name is incorrect"));
       return 1;
     }
@@ -742,8 +742,6 @@ class m_bro {
    */
   function CopyOneFile($src, $dest) {
     global $err;
-    $src=escapeshellarg($src);
-    $dest=escapeshellarg($dest);
     exec("cp -Rpf ".escapeshellarg($src)." ".escapeshellarg($dest), $void, $ret);
     if ($ret) {
       $err->raise("bro","Errors happened while copying the source to destination. cp return value: %d", $ret);