From 0ebf436d479fd16c11f168357d1d0e4498c8c1fb Mon Sep 17 00:00:00 2001
From: Etz
Date: Sat, 12 Aug 2017 22:19:12 +0300
Subject: [PATCH] refactor: Replace escapeshellcmd with Purifier in service checks (#7118)
* fix: issue #4934 Required for service checks, which include multiple quotes or regex. Proposed patch tested, works.
* fix: issue #4934 Required for service checks, which include multiple quotes or regex. Proposed patch tested, works.
---
 includes/services.inc.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/includes/services.inc.php b/includes/services.inc.php
index 310b31942f..0016dd20dc 100644
--- a/includes/services.inc.php
+++ b/includes/services.inc.php
@@ -202,13 +202,18 @@ function poll_service($service)
 function check_service($command)
 {
+ global $config;
 // This array is used to test for valid UOM's to be used for graphing.
 // Valid values from: https://nagios-plugins.org/doc/guidelines.html#AEN200
 // Note: This array must be decend from 2 char to 1 char so that the search works correctly.
 $valid_uom = array ('us', 'ms', 'KB', 'MB', 'GB', 'TB', 'c', 's', '%', 'B');
 // Make our command safe.
- $command = 'LC_NUMERIC="C" '. escapeshellcmd($command);
+ $p_config = HTMLPurifier_Config::createDefault();
+ $p_config->set('Cache.SerializerPath', $config['temp_dir']);
+ $purifier = new HTMLPurifier($p_config);
+
+ $command = 'LC_NUMERIC="C" '. $purifier->purify($command);
 // Run the command and return its response.
 exec($command, $response_array, $status);
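Review bot: HTMLPurifier filters HTML markup, not shell syntax, so after this change the string handed to `exec()` in `check_service()` no longer has shell metacharacters (`;`, `|`, backticks, `$(...)`) neutralised, and the `// Make our command safe.` comment above it no longer holds. If `$command` carries any operator- or user-supplied service parameters (its construction is outside this hunk), that is a command-injection path on the poller host. The quoting problem from #4934 is better solved by having the caller pass the plugin path and its parameters as separate values and quoting each one, e.g. `$command = 'LC_NUMERIC="C" ' . implode(' ', array_map('escapeshellarg', $args));`. `purify()` may also rewrite `&`, `<` and `>` as HTML entities, which would change the arguments the plugin actually receives. The rest of `check_service()` lies outside the hunk.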