From 205c358336aa13ee12bcc61ff5556f6aac87dd70 Mon Sep 17 00:00:00 2001
From: oleksandrkit
Date: Tue, 24 Sep 2024 23:48:32 +0300
Subject: [PATCH] Add a list of disallowed commands for a local service
---
 src/Services/Local.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Services/Local.php b/src/Services/Local.php
index d675d9a..682edb7 100644
--- a/src/Services/Local.php
+++ b/src/Services/Local.php
@@ -23,6 +23,13 @@ protected function setTransport(array $config)
 $password = Config::get('mail.password');
 $this->transport = Smtp::getTransport($host, $port, $encryption, $username, $password);
 } else {
+ $disallowedCommands = ['rm', 'sudo', 'sh', 'bash', 'fsockopen', 'exec', 'system', 'popen', 'proc_open', 'passthru', 'curl', 'wget'];
+
+ foreach ($disallowedCommands as $disallowed) {
+ if (strpos($command, $disallowed) !== false) {
+ throw new InternalServerErrorException('Command "' . $command . '" is not allowed.');
+ }
+ }
 $this->transport = static::getTransport($command);
 }
 }
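Review bot: The substring denylist in the added `foreach` is not a dependable control on `$command`. Because `strpos` matches anywhere in the string, a legitimate path that merely contains `exec` or `sh` (for example a sendmail binary under a `libexec` directory) is rejected, while any program or shell construct missing from the list still reaches `static::getTransport($command)`. An allowlist is the safer shape, e.g. `if (!in_array($command, self::ALLOWED_COMMANDS, true)) { throw new InternalServerErrorException('Mail command is not allowed.'); }`, with the constant holding the exact sendmail invocations the service supports (the constant name is a suggestion, not something defined in this file). That message also avoids echoing the rejected `$command` back to the caller, which the added `throw` currently does. `setTransport` starts above the hunk, so where `$command` is assigned is not visible here; it appears to come from service configuration, but that should be confirmed.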