diff --git a/lib/QubitCsvImport.class.php b/lib/QubitCsvImport.class.php index 7779042cbe..5cd1ea1922 100644 --- a/lib/QubitCsvImport.class.php +++ b/lib/QubitCsvImport.class.php @@ -97,7 +97,7 @@ public function import($csvFile, $type = null, $csvOrigFileName = null) $commandIndexFlag = ('csv:event-import' != $taskClassName && $this->indexDuringImport) ? '--index' : ''; // Figure out whether user option should be added to command - $commandUser = ('csv:import' == $taskClassName) ? sprintf('--user-id="%s"', sfContext::getInstance()->getUser()->getUserId()) : ''; + $commandUser = ('csv:import' == $taskClassName) ? sprintf('--user-id=%s', sfContext::getInstance()->getUser()->getUserId()) : ''; if ('' !== $this->updateType) { switch ($this->updateType) { @@ -110,7 +110,7 @@ public function import($csvFile, $type = null, $csvOrigFileName = null) case 'delete-and-replace': $commandUpdate = ('match-and-update' == $this->updateType) ? '--update="match-and-update"' : '--update="delete-and-replace"'; $commandSkipUnmatched = ($this->skipUnmatched) ? '--skip-unmatched' : ''; - $commandLimit = ('' !== $this->limit) ? "--limit=\"{$this->limit}\"" : ''; + $commandLimit = ('' !== $this->limit) ? sprintf('--limit=%s', $this->limit) : ''; break; @@ -211,7 +211,7 @@ public function doTransform($csvFile) ); // Redirect stderr to stdout to logfile. - $command .= ' 2>&1 > '.$logFileName; + $command .= ' 2>&1 > '.escapeshellarg($logFileName); exec($command, $output, $exitCode);