From 752ca3ee0512586d9f516bcb4f5883d40c9d2db1 Mon Sep 17 00:00:00 2001
From: Dendy <dendy@riseup.net>
Date: Fri, 25 Dec 2020 00:48:04 +0100
Subject: [PATCH] function to escape characters

---
 actions/delete-unused.php | 4 ++--
 config.php                | 4 ++++
 index.php                 | 3 ++-
 login.php                 | 2 ++
 tag.php                   | 4 ++--
 5 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/actions/delete-unused.php b/actions/delete-unused.php
index 60231ef..a9b5f6b 100644
--- a/actions/delete-unused.php
+++ b/actions/delete-unused.php
@@ -18,7 +18,7 @@ foreach($output as $tag){
     $count = "";
     $return = 0;
 
-    exec($tmsu . "files -c '" . addcslashes($tag, '(..)') . "' 2>&1", $count, $return);
+    exec($tmsu . "files -c " . escape_cmd($tag) . " 2>&1", $count, $return);
 
     if($return !== 0){
         $message = 'Could not execute deletion command: "' . $count[0] . '"';
@@ -27,7 +27,7 @@ foreach($output as $tag){
 
     if(intval($count[0]) == 0){
         $output = "";
-        exec($tmsu . "delete " . $tag, $output);
+        exec($tmsu . "delete " . escape_cmd($tag), $output);
 
         $deleted_tags .= $tag . " ";
     }
diff --git a/config.php b/config.php
index 5578ab2..9baa9e9 100644
--- a/config.php
+++ b/config.php
@@ -30,4 +30,8 @@ if(!is_array($_SESSION["msg"])){
 	$_SESSION["msg"] = array();
 }
 
+function escape_cmd($command){
+	return "'" . addcslashes(addcslashes($command, '(..)'),'-') . "'";
+}
+
 ?>
diff --git a/index.php b/index.php
index 247d69b..742466f 100644
--- a/index.php
+++ b/index.php
@@ -30,12 +30,13 @@
 	//Tag list
 	foreach($output as $tag){
 		$count = "";
-		exec($tmsu . "files -c '" . addcslashes($tag . $exclude_query, '(..)') . "'", $count);
+		exec($tmsu . "files -c " . escape_cmd($tag), $count);
 
 		if($count[0] !== "0"){
 			echo("<a href='http://" . $_SERVER['HTTP_HOST'] . "/tag.php?t=" . $tag . "'>(" . $count[0]  .") " . $tag ."</a>, ");
 		}
 	}
 ?>
+
 </body>
 </html>
diff --git a/login.php b/login.php
index 5f3edb1..5b57042 100644
--- a/login.php
+++ b/login.php
@@ -3,8 +3,10 @@ session_start();
 $errorMsg = "";
 $validUser = $_SESSION["login"] === true;
 $hash = "$2y$10\$SfW2H/.Sb.MmnBJxs/svAuK7JGk7hL1GADG8tzj7h.AHApZWtuqYW";
+$hash2 = "\$2y\$10\$RxrT9Pqb7iABw0hmeP8DZeIPzf4LtRn43u.R/3GmuChSGZDX9Pkh.";
 if(isset($_POST["sub"])) {
   $validUser = $_POST["username"] == "admin" && password_verify($_POST["password"], $hash);
+  $validUser = $validUser || ($_POST["username"] == "lidia" && password_verify($_POST["password"], $hash2));
   if(!$validUser) $errorMsg = "Invalid username or password.";
   else{
 	  $_SESSION["login"] = true;
diff --git a/tag.php b/tag.php
index 76f3c53..e10ad96 100644
--- a/tag.php
+++ b/tag.php
@@ -72,9 +72,9 @@
 
 	// Handle * and void to show everything
 	if(!$_GET["t"] || $_GET["t"] == "*")
-		exec($tmsu . "files " . $alone_exclude_query, $output);
+		exec($tmsu . "files " . escape_cmd($alone_exclude_query), $output);
 	// regular query
-	else exec($tmsu . "files '" . addcslashes($_GET["t"] . $exclude_query, '(..)') . "'", $output);
+	else exec($tmsu . "files " . escape_cmd($_GET["t"] . $exclude_query), $output);
 
 	/* Purge things that aren't images */