From 470b0354daefaa1cff588609a19ccebc355585ea Mon Sep 17 00:00:00 2001 From: Steve Breker Date: Fri, 26 Jun 2026 10:47:08 -0700 Subject: [PATCH] Use escapeshellarg() with pdftotext --- lib/QubitFindingAid.class.php | 2 +- lib/model/QubitDigitalObject.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/QubitFindingAid.class.php b/lib/QubitFindingAid.class.php index 4ff2c7af8f..9beb38325b 100644 --- a/lib/QubitFindingAid.class.php +++ b/lib/QubitFindingAid.class.php @@ -392,7 +392,7 @@ public function extractTranscript(): string sprintf('Extracting finding aid text from "%s"', $this->getPath()) ); - $command = sprintf('pdftotext %s - 2> /dev/null', $this->getPath()); + $command = sprintf('pdftotext %s - 2> /dev/null', escapeshellarg($this->getPath())); exec($command, $output, $status); if (0 !== $status) { diff --git a/lib/model/QubitDigitalObject.php b/lib/model/QubitDigitalObject.php index 3caba68034..291c0e01ec 100644 --- a/lib/model/QubitDigitalObject.php +++ b/lib/model/QubitDigitalObject.php @@ -3067,7 +3067,7 @@ public function extractText($connection = null) return; } - $command = sprintf('pdftotext %s - 2> /dev/null', $path); + $command = sprintf('pdftotext %s - 2> /dev/null', escapeshellarg($path)); exec($command, $output, $status); if (0 == $status && 0 < count($output)) {