From 6043d5e0085b2c4269cf7de3f56ef84ff924610f Mon Sep 17 00:00:00 2001 From: David Davidson Date: Thu, 8 Oct 2015 23:51:31 +0100 Subject: [PATCH] Fix remote code execution #1 Passing unsanitized user input into the shell_exec function leads to remote code execution. In this instance, to execute the `id` command, one would send a request such as the following: ``` GET /tilt.php?position=;id ``` --- www/tilt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/tilt.php b/www/tilt.php index 51c8811..450ecb6 100644 --- a/www/tilt.php +++ b/www/tilt.php @@ -1,5 +1,5 @@ &1 ?>
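Review bot: the commit message documents the injection through `position` but does not say how the single replacement line in www/tilt.php treats the value before it reaches shell_exec, and the hunk body is not readable here beyond `&1 ?>`. Please state the sanitization in the message. Prefer validating `position` against the exact format the script expects and rejecting everything else, rather than relying on escaping alone. If the value must be passed to the shell as a string, wrap it in escapeshellarg(). The "#1" in the subject and the one-line diffstat indicate this covers only one call site, so any other shell_exec call in the tree that takes request parameters needs the same check.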