author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-13 21:54:28 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-13 21:54:28 +0000 |
commit | 677e088005c02c4c810d97af68bc0eee25207d1a (patch) | |
tree | 60fa967907d767610bb7cf6b9203c3fc583e2b8b | |
parent | a1f1ebb44a5fc2d0fff1149f831e0071ad7a3cc9 (diff) | |
Use php_check_syntax on code before eval()
-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 14 |
2 files changed, 13 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 3285011..67aa303 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -105,7 +105,7 @@ function filter_configure() { $maximumstates = $config['system']['maximumstates']; $rules.= "set limit states " . $maximumstates . "\n"; } - + $rules.= "\n"; $rules.= "scrub on {$wanif} reassemble tcp random-id " . $mssclamp ."\n"; // reassemble all directions $rules.= $altq_ints . "\n"; @@ -160,7 +160,8 @@ function filter_configure() { if($file <> "") { $text = return_filename_as_string("/usr/local/pkg/pf/" . $file); if($text != "") - eval($text); + if(php_check_syntax($toeval, $error_message) == false) + eval($text); } } } diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 912b8e5..50a2f99 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -383,11 +383,14 @@ foreach ($packages_to_install as $id) { if($menu['url'] <> "") { // override $myurl for script. $toeval = "\$myurl = \"" . getenv("HTTP_HOST") . "\"; \n"; - eval($toeval); + $error_message = ""; + if(php_check_syntax($toeval, $error_message) == false) + eval($toeval); // eval url so that above $myurl item can be processed if need be. $urltmp = $menu['url']; $toeval = "\$url = \"" . $urltmp . "\"; \n"; - eval($toeval); + if(php_check_syntax($toeval, $error_message) == false) + eval($toeval); fwrite($fd, $url . "\n"); } else { $xml = ""; 
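Review bot: In the second filter.inc hunk the new guard checks `$toeval`, which is not defined in the visible part of filter_configure(), so the string that is actually evaluated (`$text`) is never checked. The test also looks inverted: php_check_syntax() returns true when the lint passes, so `== false` lets eval() run only when the check fails; both pkg_mgr_install.php hunks repeat the same comparison. As far as I know php_check_syntax() expects a filename rather than a code string, so a call on a string would fail to open it and return false every time, leaving eval() effectively unguarded; this should be confirmed against the PHP version shipped. At minimum the lines should read `$error_message = "";` and `if(php_check_syntax($text, $error_message))`, with braces around the nested `if`. filter_configure() starts and ends outside the hunk.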
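Review bot: In the first pkg_mgr_install.php hunk, `getenv("HTTP_HOST")` comes from the client's Host header and is concatenated into PHP source that is passed to eval(); a syntax check does not change that, because any value that still parses is executed as code. No eval() is needed for this assignment: `$myurl = getenv("HTTP_HOST");` has the same effect without interpreting the header. The second eval() exists only to expand `$myurl` inside `$menu['url']`, which a plain substitution such as `$url = str_replace('$myurl', $myurl, $menu['url']);` would cover, assuming that is the only placeholder package menus use. The enclosing foreach starts and ends outside the hunk.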
@@ -419,11 +422,14 @@ foreach ($packages_to_install as $id) { if($package_conf['custom_php_install_command']) { update_status("Executing post install commands...\n"); fwrite($fd_log, "Executing post install commands...\n"); + $error_message = ""; if($package_conf['custom_php_command_before_form'] <> "") - eval($package_conf['custom_php_command_before_form']); + if(php_check_syntax($package_conf['custom_php_command_before_form'], $error_message) == false) + eval($package_conf['custom_php_command_before_form']); $pb_percent += 50; update_progress_bar(50); - eval($package_conf['custom_php_install_command']); + if(php_check_syntax($package_conf['custom_php_install_command'], $error_message) == false) + eval($package_conf['custom_php_install_command']); } $pb_percent += 10; |
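Review bot: When the new check stops `custom_php_command_before_form` or `custom_php_install_command` from running, the command is skipped silently: `$error_message` is filled in but never read, and the install log still says "Executing post install commands..." as if they ran. Record the outcome on that path, for example `fwrite($fd_log, "Post install command not run: " . $error_message . "\n");`. A lint pass also says nothing about where the package code came from, so this guard should not be treated as the control that makes package-supplied PHP safe to eval(). The integrity of the package configuration has to be established before this point, and nothing in the hunk shows that it is.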