Quote everything https://github.com/webmin/webmin/issues/1587

cron/cron-lib.pl

@@ -310,7 +310,7 @@ elsif ($fcron) {
 	}
 else {
 	system("cp ".&translate_filename("$config{'cron_dir'}/$_[0]->{'user'}").
-	       " $cron_temp_file 2>/dev/null");
+	       " ".quotemeta($cron_temp_file)." 2>/dev/null");
 	}
 }
 
@@ -378,7 +378,7 @@ else {
 	$_[0]->{'line'} = 0;
 	splice(@$lref, 0, 0, &cron_job_line($_[0]));
 	&flush_file_lines();
-	system("chown $_[0]->{'user'} $cron_temp_file");
+	&set_ownership_permissions($_[0]->{'user'}, undef, undef, $cron_temp_file);
 	&copy_crontab($_[0]->{'user'});
 	$_[0]->{'file'} = "$config{'cron_dir'}/$_[0]->{'user'}";
 	$_[0]->{'index'} = scalar(@cron_jobs_cache);
@@ -497,8 +497,8 @@ if (&read_file_contents($cron_temp_file) =~ /\S/) {
 	local $rv;
 	if (!&has_crontab_cmd()) {
 		# We have no crontab command .. emulate by copying to user file
-		$rv = system("cat $cron_temp_file".
-			" >$config{'cron_dir'}/$_[0] 2>/dev/null");
+		$rv = system("cat ".quotemeta($cron_temp_file).
+			" >".quotemeta("$config{'cron_dir'}/$_[0]")." 2>/dev/null");
 		&set_ownership_permissions($_[0], undef, 0600,
 			"$config{'cron_dir'}/$_[0]");
 		}

mailboxes/delete_mail.cgi

@@ -129,7 +129,7 @@ elsif ($in{'razor'} || $in{'ham'}) {
 		}
 
 	# Call reporting command on them
-	&open_execute_command(OUT, "$cmd <$temp 2>&1", 1);
+	&open_execute_command(OUT, "$cmd <".quotemeta($temp)." 2>&1", 1);
 	local $error;
 	while(<OUT>) {
 		print &html_escape($_);

proc/proc-lib.pl

@@ -123,7 +123,7 @@ if ($gconfig{'os_type'} eq 'windows') {
 	open(TEMP, ">$temp");
 	print TEMP $_[4];
 	close(TEMP);
-	&open_execute_command(OUT, "$_[0] <$temp 2>&1", 1);
+	&open_execute_command(OUT, "$_[0] <".quotemeta($temp)." 2>&1", 1);
 	local $fh = $_[3];
 	while(<OUT>) {
 		if ($_[5]) {

samba/samba-lib.pl

@@ -184,7 +184,7 @@ else {
 	&open_tempfile(TEMP, ">$temp", 0, 1);
 	&print_tempfile(TEMP, $v);
 	&close_tempfile(TEMP);
-	my $out = &backquote_command("iconv -f iso-8859-1 -t UTF-8 <$temp");
+	my $out = &backquote_command("iconv -f iso-8859-1 -t UTF-8 <".quotemeta($temp));
 	&unlink_file($temp);
 	return $? || $out eq '' ? $v : $out;
 	}
@@ -203,7 +203,7 @@ else {
 	&open_tempfile(TEMP, ">$temp", 0, 1);
 	&print_tempfile(TEMP, $v);
 	&close_tempfile(TEMP);
-	my $out = &backquote_command("iconv -f UTF-8 -t iso-8859-1 <$temp");
+	my $out = &backquote_command("iconv -f UTF-8 -t iso-8859-1 <".quotemeta($temp));
 	&unlink_file($temp);
 	return $? || $out eq '' ? $v : $out;
 	}

software/cygwin-lib.pl

@@ -273,7 +273,7 @@ if ($file =~ /\/[^\s]+[_\-]src[_\-]\d[^\s]*\.tar\.bz2$/) {
     $rv = install_cygwin_pkg($file, $temp, $in->{'root'}, $run_scripts,
 			     $in->{'replacepkgs'}, $in->{'upgrade'});
 } else {
-    $rv = &system_logged("rpm -i $opts ".quotemeta($file)." >$temp 2>&1");
+    $rv = &system_logged("rpm -i $opts ".quotemeta($file)." >".quotemeta($temp)." 2>&1");
 }
 local $out = "";
 if (! open(FILE, "<$temp")) {

software/pkgsrc-lib.pl

@@ -16,7 +16,7 @@ sub execute_pkgin_sql
 {
 my ($sql) = @_;
 my $errtemp = &transname();
-my $cmd = "sqlite3 -header $pkgin_sqlite_db ".quotemeta($sql)." 2>$errtemp";
+my $cmd = "sqlite3 -header $pkgin_sqlite_db ".quotemeta($sql)." 2>".quotemeta($errtemp);
 &open_execute_command(SQL, $cmd, 1, 1);
 my $headline = <SQL>;
 $headline =~ s/\r|\n//g;

web-lib-funcs.pl

@@ -6743,7 +6743,7 @@ sub backquote_with_timeout
 {
 my $realcmd = &translate_command($_[0]);
 my $out;
-my $pid = &open_execute_command(OUT, "($realcmd) <$null_file", 1, $_[2]);
+my $pid = &open_execute_command(OUT, "($realcmd) <".quotemeta($null_file), 1, $_[2]);
 my $start = time();
 my $timed_out = 0;
 my $linecount = 0;