From: kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Sun, 28 Aug 2005 12:57:57 +0000 (+0000)
Subject: Use shell exec so we can escape the fortune output.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=ee2375c0962984cbdf0c05a204e7e8eab8fb279a;p=squirrelmail.git

Use shell exec so we can escape the fortune output.


git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10020 7612ce4b-ef26-0410-bec9-ea0150e637f0
---

diff --git a/plugins/fortune/functions.php b/plugins/fortune/functions.php
index ec8f4fe9..fe1b9c62 100644
--- a/plugins/fortune/functions.php
+++ b/plugins/fortune/functions.php
@@ -55,9 +55,9 @@ function fortune_function() {
     if (!$exist) {
         printf(_("%s is not found."),$fortune_location);
     } else {
-        echo "<center><em>" . _("Today's Fortune") . "</em></center><pre>\n";
-        htmlspecialchars(system($fortune_command));
-        echo "</pre>\n";
+        echo "<center><em>" . _("Today's Fortune") . "</em></center><pre>\n" .
+            htmlspecialchars(shell_exec($fortune_command)) .
+            "</pre>\n";
     }
 
     echo '</td></tr></table></td></tr></table></td></tr></table></center>';
@@ -90,4 +90,4 @@ function fortune_function_load() {
 
     $fortune_visible = getPref($data_dir, $username, 'fortune_visible');
 }
-?>
\ No newline at end of file
+?>