From 48871eb7d4b50aeafb5e505eada6a356658079cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?=
Date: Tue, 22 Jan 2008 02:24:59 +0000
Subject: [PATCH] use escapeshellarg() properly and in both functions.
---
 bureau/class/m_bro.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/bureau/class/m_bro.php b/bureau/class/m_bro.php
index 13aa3fd4..cd276b55 100644
--- a/bureau/class/m_bro.php
+++ b/bureau/class/m_bro.php
@@ -428,6 +428,8 @@ class m_bro {
 $err->raise("bro",1);
 return false;
 }
+ $file = escapeshellarg($file);
+ $dest = escapeshellarg($dest);
 if ($i == 0) {
 #TODO new version of tar supports `tar xf ...` so there is no
 # need to specify the compression format
@@ -534,8 +536,10 @@ class m_bro {
 */
 // Last step
 // Copy -R
- $src = escapeshellarg($this->convertabsolute($src));
- $dest = escapeshellarg($this->convertabsolute($dest));
+ $src = $this->convertabsolute($src);
+ $dest = $this->convertabsolute($dest);
+ $src = escapeshellarg($src);
+ $dest = escapeshellarg($dest);
 if (!$src || !$dest) {
 $err->raise("bro",1);
 return false;
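Review bot: In the first hunk (-428), the two added lines overwrite `$file` and `$dest` with their shell-quoted forms, so every later use in this function sees a string wrapped in single quotes. That is only safe if the rest of the function, which continues outside the hunk, uses them solely as shell arguments and its command strings add no quotes of their own; a filesystem call or an extension test on `$file` would now receive the quoted value. Keeping the raw paths and quoting into separate variables, e.g. `$file_arg = escapeshellarg($file);` and `$dest_arg = escapeshellarg($dest);`, avoids that. A comment such as `// quoted for the shell command only; raw paths stay in $file/$dest` would record the intent.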
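Review bot: In the second hunk (-534), the guard `if (!$src || !$dest)` still runs after `escapeshellarg()`, which returns a non-empty quoted string (`''` on Unix) even for an empty or false input, so the guard can never fire. If `convertabsolute()` signals a rejected path with a falsy return value, as the guard suggests, that rejection is lost and the copy command runs with empty arguments. Move the check so it sits between the `convertabsolute()` calls and the `escapeshellarg()` calls: test the raw `$src` and `$dest` first, and quote only after they pass. The enclosing function begins and ends outside the hunk.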