dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix(previews): escape container names in stopContainers method to prevent shell injection vulnerabilities

Browse Source
This commit is contained in:
Andras Bacsai
2025-06-04 09:11:08 +02:00
parent ad98d135a1
commit 1704a25a24
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Livewire/Project/Application/Previews.php
View File

@@ -247,7 +247,7 @@ class Previews extends Component
$containerNames[] = str_replace('/', '', $container['Names']);
}
$containerList = implode(' ', $containerNames);
$containerList = implode(' ', array_map('escapeshellarg', $containerNames));
$commands = [
"docker stop --time=$timeout $containerList",
"docker rm -f $containerList",