From 7b8340f0210a7ce5f0bab35e4d29ee6e13fd8daa Mon Sep 17 00:00:00 2001
From: fusionate
Date: Thu, 20 Mar 2025 09:51:37 -0600
Subject: [PATCH] Access Control - Edit: Escape submitted values in dig command.
---
 app/access_controls/access_control_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/access_controls/access_control_edit.php b/app/access_controls/access_control_edit.php
index d6e21d7bdc..dfb644d9fe 100644
--- a/app/access_controls/access_control_edit.php
+++ b/app/access_controls/access_control_edit.php
@@ -202,7 +202,7 @@
 //attempt digs
 if (!empty($digs) && is_array($digs)) {
 foreach ($digs as $dig) {
- $response = shell_exec("dig +noall +answer ".$dig['value']." | awk '{ print $5 }'");
+ $response = shell_exec("dig +noall +answer ".escapeshellarg($dig['value'])." | awk '{ print $5 }'");
 if (!empty($response)) {
 $lines = explode("\n", $response);
 foreach ($lines as $l => $line) {
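Review bot: A value that begins with `-`, `+` or `@` is still read by dig as an option, query flag or server rather than as a name to resolve, because `escapeshellarg()` on the new `shell_exec` line only quotes the value for the shell and does not constrain what dig does with it. The subject line says these are submitted values, so I would validate each one as a hostname before the call and skip anything else, for example `if (filter_var($dig['value'], FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { continue; }` placed directly above the `shell_exec` line. A short comment there such as `//only resolve syntactically valid hostnames; escapeshellarg alone does not block dig options` would keep the two layers from being collapsed later. The `foreach` body continues past the end of the hunk, so how `$response` is used afterwards is not visible here.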