yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-06 21:29:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Patch security command injection

Browse Source
This commit is contained in:
Jim LAURIE 2018-07-29 19:30:55 +02:00
parent 179894c4c2
commit b29e03d032
4 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/strapi-admin/controllers/Admin.js
View File

@ -1,7 +1,7 @@
'use strict'; 'use strict';
const path = require('path'); const path = require('path');
const exec = require('child_process').execSync; const exec = require('child_process').spawnSync;
const _ = require('lodash'); const _ = require('lodash');
/** /**
@ -53,8 +53,7 @@ module.exports = {
strapi.reload.isWatching = false; strapi.reload.isWatching = false;
strapi.log.info(`Installing ${plugin}...`); strapi.log.info(`Installing ${plugin}...`);
exec('node', [strapiBin, 'install', plugin, (port === '4000') ? '--dev' : '']);
exec(`node "${strapiBin}" install ${plugin} ${port === '4000' ? '--dev' : ''}`);
ctx.send({ ok: true }); ctx.send({ ok: true });
@ -87,7 +86,7 @@ module.exports = {
strapi.reload.isWatching = false; strapi.reload.isWatching = false;
strapi.log.info(`Uninstalling ${plugin}...`); strapi.log.info(`Uninstalling ${plugin}...`);
exec(`node "${strapiBin}" uninstall ${plugin}`); exec('node', [strapiBin, 'uninstall', plugin]);
ctx.send({ ok: true }); ctx.send({ ok: true });

6
packages/strapi-plugin-settings-manager/services/SettingsManager.js
View File

@ -3,7 +3,7 @@
const fs = require('fs'); const fs = require('fs');
const path = require('path'); const path = require('path');
const _ = require('lodash'); const _ = require('lodash');
const exec = require('child_process').execSync; const exec = require('child_process').spawnSync;
module.exports = { module.exports = {
menu: { menu: {
@ -901,12 +901,12 @@ module.exports = {
if (connector && !installedConnector) { if (connector && !installedConnector) {
strapi.log.info(`Installing ${connector} dependency ...`); strapi.log.info(`Installing ${connector} dependency ...`);
exec(`npm install ${connector}@alpha`); exec('npm', ['install', `${connector}@alpha`]);
} }
if (client && !installedClient) { if (client && !installedClient) {
strapi.log.info(`Installing ${client} dependency ...`); strapi.log.info(`Installing ${client} dependency ...`);
exec(`npm install ${client}`); exec('npm', ['install', client]);
} }
}, },

2
packages/strapi/bin/strapi-install.js
View File

@ -60,7 +60,7 @@ module.exports = function (plugin, cliArguments) {
if (!isStrapiInstalledWithNPM) { if (!isStrapiInstalledWithNPM) {
// Create the directory yarn doesn't do it it // Create the directory yarn doesn't do it it
shell.exec(`mkdir ${pluginPath}`); shell.exec('mkdir', [pluginPath]);
// Add a package.json so it installs the dependencies // Add a package.json so it installs the dependencies
shell.touch(`${pluginPath}/package.json`); shell.touch(`${pluginPath}/package.json`);
fs.writeFileSync(`${pluginPath}/package.json`, JSON.stringify({}), 'utf8'); fs.writeFileSync(`${pluginPath}/package.json`, JSON.stringify({}), 'utf8');