Patch security command injection

Jim LAURIE 2018-07-29 19:30:55 +02:00
parent 179894c4c2
commit b29e03d032
4 changed files with 8 additions and 9 deletions


@ -1,7 +1,7 @@
'use strict';
const path = require('path');
const exec = require('child_process').execSync;
const exec = require('child_process').spawnSync;
const _ = require('lodash');
/**
@ -53,8 +53,7 @@ module.exports = {
strapi.reload.isWatching = false;
strapi.log.info(`Installing ${plugin}...`);
exec(`node "${strapiBin}" install ${plugin} ${port === '4000' ? '--dev' : ''}`);
exec('node', [strapiBin, 'install', plugin, (port === '4000') ? '--dev' : '']);
ctx.send({ ok: true });
@ -87,7 +86,7 @@ module.exports = {
strapi.reload.isWatching = false;
strapi.log.info(`Uninstalling ${plugin}...`);
exec(`node "${strapiBin}" uninstall ${plugin}`);
exec('node', [strapiBin, 'uninstall', plugin]);
ctx.send({ ok: true });
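Review bot: `spawnSync` does not throw when the child exits non-zero or cannot be started, as `execSync` did; it reports that in the returned object's `status` and `error` fields, which the new install and uninstall calls discard, so `ctx.send({ ok: true })` is now reached even when the command failed. The `npm install` calls for `connector` and `client` in the third file of this commit have the same gap. The install call also passes `''` as a real argument when `port` is not `'4000'`, where the old template string added nothing, so the array should be built conditionally. `plugin` is still unvalidated, so a value starting with `-` would be read by the CLI as an option; a package-name pattern check before the call would close that. The enclosing handlers begin and end outside these hunks.

```javascript
// … unchanged: isWatching flag and "Installing" log line …
const args = [strapiBin, 'install', plugin];
if (port === '4000') {
  args.push('--dev');
}
const result = exec('node', args);
if (result.error || result.status !== 0) {
  // Restore the failure signal execSync used to give by throwing.
  throw result.error || new Error(`install of ${plugin} exited with status ${result.status}`);
}
// … unchanged: ctx.send({ ok: true }) …
```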


@ -51,4 +51,4 @@
"npm": ">= 5.0.0"
},
"license": "MIT"
}
}


@ -3,7 +3,7 @@
const fs = require('fs');
const path = require('path');
const _ = require('lodash');
const exec = require('child_process').execSync;
const exec = require('child_process').spawnSync;
module.exports = {
menu: {
@ -901,12 +901,12 @@ module.exports = {
if (connector && !installedConnector) {
strapi.log.info(`Installing ${connector} dependency ...`);
exec(`npm install ${connector}@alpha`);
exec('npm', ['install', `${connector}@alpha`]);
}
if (client && !installedClient) {
strapi.log.info(`Installing ${client} dependency ...`);
exec(`npm install ${client}`);
exec('npm', ['install', client]);
}
},
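Review bot: Passing `connector` and `client` as array elements keeps shell metacharacters out, but the values still decide what npm installs, and nothing visible in this hunk restricts them: a value beginning with `-` is parsed by npm as an option, and any package spec npm accepts would be fetched and its install scripts run. If these values can be influenced by the request (their assignment is outside the hunk), check them against the fixed list of supported connectors and clients before the call, and put a `'--'` element ahead of the spec in the argument array. Separately, on Windows `npm` is a `npm.cmd` script, which `spawnSync` without a shell may fail to start, and that failure appears only in the returned `error` field.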


@ -60,7 +60,7 @@ module.exports = function (plugin, cliArguments) {
if (!isStrapiInstalledWithNPM) {
// Create the directory yarn doesn't do it it
shell.exec(`mkdir ${pluginPath}`);
shell.exec('mkdir', [pluginPath]);
// Add a package.json so it installs the dependencies
shell.touch(`${pluginPath}/package.json`);
fs.writeFileSync(`${pluginPath}/package.json`, JSON.stringify({}), 'utf8');
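Review bot: `shell.exec('mkdir', [pluginPath])` no longer passes the path to mkdir. If `shell` is shelljs (its require is outside the hunk, but the `shell.touch` call two lines later suggests it), `exec` takes a command string followed by an options object, not an argument array, so this runs a bare `mkdir` and the directory is never created. The `shell.touch` and `fs.writeFileSync` calls that follow would then fail on the missing directory. The library's own call avoids the shell entirely: `shell.mkdir(pluginPath);` (or `fs.mkdirSync(pluginPath);`). The enclosing function continues outside the hunk.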