if ($generate) {
// Use ghostscript to generate an image of the specified page.
- $gsexec = \get_config('assignfeedback_editpdf', 'gspath');
- $imageres = 100;
- $filename = $this->filename;
- $pagenoinc = $pageno + 1;
+ $gsexec = \escapeshellarg(\get_config('assignfeedback_editpdf', 'gspath'));
+ $imageres = \escapeshellarg(100);
+ $imagefilearg = \escapeshellarg($imagefile);
+ $filename = \escapeshellarg($this->filename);
+ $pagenoinc = \escapeshellarg($pageno + 1);
$command = "$gsexec -q -sDEVICE=png16m -dSAFER -dBATCH -dNOPAUSE -r$imageres -dFirstPage=$pagenoinc -dLastPage=$pagenoinc ".
- "-dGraphicsAlphaBits=4 -dTextAlphaBits=4 -sOutputFile=\"$imagefile\" \"$filename\"";
+ "-dGraphicsAlphaBits=4 -dTextAlphaBits=4 -sOutputFile=$imagefilearg $filename";
- //$command = escapeshellcmd($command);
$output = null;
$result = exec($command, $output);
if (!file_exists($imagefile)) {
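Review bot: The exit status of Ghostscript is never read at `$result = exec($command, $output);`, so a failed render is still detected only by the `file_exists($imagefile)` test that follows. `$result` receives the last line of output, not the status; passing a third argument, `$result = exec($command, $output, $exitcode);`, and treating a non-zero `$exitcode` as failure would also cover a run that leaves a partial or pre-existing file behind (whether a stale file can exist at this point is not visible in the hunk). The `exec($command);` call in the pdfwrite hunk further down has the same gap. The enclosing function starts and ends outside the hunk.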
$file->copy_content_to($tempsrc); // Copy the file.
- $gsexec = \get_config('assignfeedback_editpdf', 'gspath');
- $command = "$gsexec -q -sDEVICE=pdfwrite -dBATCH -dNOPAUSE -sOutputFile=\"$tempdst\" \"$tempsrc\"";
- //$command = escapeshellcmd($command);
+ $gsexec = \escapeshellarg(\get_config('assignfeedback_editpdf', 'gspath'));
+ $tempdstarg = \escapeshellarg($tempdst);
+ $tempsrcarg = \escapeshellarg($tempsrc);
+ $command = "$gsexec -q -sDEVICE=pdfwrite -dBATCH -dNOPAUSE -sOutputFile=$tempdstarg $tempsrcarg";
exec($command);
@unlink($tempsrc);
if (!file_exists($tempdst)) {
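Review bot: The pdfwrite command assembled in the new `$command = "$gsexec -q -sDEVICE=pdfwrite ..."` line omits `-dSAFER`, although the png16m command in the earlier hunk passes it. `$tempsrc` is a copy of `$file`, which is presumably user-supplied content, so the added quoting stops shell injection through the paths but, on Ghostscript builds where SAFER is not the default, does not restrict file access from the document being converted. I would add the flag: `$command = "$gsexec -q -sDEVICE=pdfwrite -dSAFER -dBATCH -dNOPAUSE -sOutputFile=$tempdstarg $tempsrcarg";`. The enclosing function begins and ends outside the hunk.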