From eb53c46c336384d78336b021adea94d9257e1d67 Mon Sep 17 00:00:00 2001
From: Sam Hsu <yxu166@jh.edu>
Date: Tue, 24 Jun 2025 00:27:38 -0700
Subject: [PATCH] fix: mitigate UUF vulnerability by escaping entity with
 escapeshellarg

---
 ajax/networking/get_wgkey.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index 52e3d2de..5096e574 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -5,7 +5,7 @@ require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../includes/authenticate.php';
 
-$entity = escapeshellcmd($_POST['entity']);
+$entity = escapeshellarg($_POST['entity']);
 
 if (isset($entity)) {