hardening: move to argument array pattern for shell execution (backport to 1.2.x)

Author: somethingwithproof

lib/poller.php

@@ -130,7 +130,15 @@ function exec_poll_php($command, $using_proc_function, $pipes, $proc_fd) {
  * @return (void)
  */
 function exec_background($filename, $args = '', $redirect_args = '') {
-	global $config, $debug;
+	global $debug;
+
+	if (is_array($args)) {
+		$args = implode(' ', array_map('cacti_escapeshellarg', $args));
+	}
+
+	if (is_array($redirect_args)) {
+		$redirect_args = implode(' ', $redirect_args);
+	}
 
 	cacti_log("DEBUG: About to Spawn a Remote Process [CMD: $filename, ARGS: $args]", true, 'POLLER', ($debug ? POLLER_VERBOSITY_NONE:POLLER_VERBOSITY_DEBUG));
 

lib/rrd.php

@@ -255,6 +255,10 @@ function rrdtool_execute() {
 function __rrd_execute($command_line, $log_to_stdout, $output_flag, $rrdtool_pipe = false, $logopt = 'WEBLOG') {
 	global $config;
 
+	if (is_array($command_line)) {
+		$command_line = implode(' ', array_map('cacti_escapeshellarg', $command_line));
+	}
+
 	static $last_command;
 
 	if (!is_numeric($output_flag)) {