authorjim-p <jimp@pfsense.org>2017-02-07 14:30:04 -0500
committerjim-p <jimp@pfsense.org>2017-02-07 14:31:14 -0500
commitd3da9c7d2a40d1550fa3f919d5d067f1daaf95f4 (patch)
tree3170e6b4964005747b9cc91bddc2687022ecb7ba
parentf0cf40f964f2a559ddcf495f492bd9d38f924512 (diff)
Rather than setting the value directly, minimize exposure to eval() in update_config_field() from wizard.php by constructing a variable reference, then set the value using the reference rather than passing user input through eval(). Fixes #7230 RELENG_2_3_2
-rw-r--r--src/usr/local/www/wizard.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/usr/local/www/wizard.php b/src/usr/local/www/wizard.php
index a61ed0d..96fb5e6 100644
--- a/src/usr/local/www/wizard.php
+++ b/src/usr/local/www/wizard.php
@@ -165,6 +165,7 @@ if ($_POST && !$input_errors) {
function update_config_field($field, $updatetext, $unset, $arraynum, $field_type) {
global $config;
$field_split = explode("->", $field);
+ $thisvar = null;
foreach ($field_split as $f) {
$field_conv .= "['" . $f . "']";
}
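Review bot: `$field_conv` is still assembled as PHP source from each `$f` in the `$field_conv .= "['" . $f . "']";` loop and is fed to every `eval()` in the second and third hunks, so a `$field` segment containing a single quote would still be parsed as code; this commit only takes `$updatetext` out of that path. Whether `$field` can be influenced by a request is not visible here, but the eval can be dropped entirely by walking `$config` by reference and using each segment only as an array key, as sketched below. A reference walk creates missing intermediate keys, so any unset-only path should keep an `isset()` guard before walking. `$field_conv` is also appended to without being initialised in the visible lines, and the function body continues outside this hunk.

```php
// … unchanged: global $config; $field_split = explode("->", $field); …
$leaf = array_pop($field_split);
$parent = &$config;
foreach ($field_split as $f) {
	// $f is only ever an array key here, never parsed as PHP source.
	$parent = &$parent[$f];
}
// … in place of each eval()'d unset / assignment …
unset($parent[$leaf]);
$parent[$leaf] = $updatetext;
```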
@@ -188,8 +189,9 @@ function update_config_field($field, $updatetext, $unset, $arraynum, $field_type
if ($field_type == "interfaces_selection") {
$var = "\$config{$field_conv}";
$text = "if (isset({$var})) unset({$var});";
- $text .= "\$config" . $field_conv . " = \"" . $updatetext . "\";";
+ $text .= "\$thisvar = &\$config" . $field_conv . ";";
eval($text);
+ $thisvar = $updatetext;
return;
}
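Review bot: The reason the assignment is split between `eval()` and a plain statement is not documented, and a later edit to this branch could easily fold `$updatetext` back into the evaluated string. A comment above the `$text .=` line would record the intent, for example `// Bind $thisvar to the config slot inside eval(); assign outside so $updatetext is never parsed as PHP.` The enclosing function starts and ends outside this hunk.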
@@ -197,8 +199,9 @@ function update_config_field($field, $updatetext, $unset, $arraynum, $field_type
$text = "unset(\$config" . $field_conv . ");";
eval($text);
}
- $text = "\$config" . $field_conv . " = \"" . addslashes($updatetext) . "\";";
+ $text .= "\$thisvar = &\$config" . $field_conv . ";";
eval($text);
+ $thisvar = $updatetext;
}
$title = preg_replace("/pfSense/i", $g['product_name'], $pkg['step'][$stepid]['title']);
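Review bot: The added `$text .= ...` line appends where the removed line assigned, so when the `$unset` branch just above has run, its already-executed `unset(...)` statement is evaluated a second time, and when it has not, `$text` carries whatever earlier code left in it or is undefined. Appending is right in the `interfaces_selection` hunk, where `$text` was built on the previous line, but here it should be a plain assignment: `$text = "\$thisvar = &\$config" . $field_conv . ";";`. The start of the function is outside this hunk, so any earlier value of `$text` is not visible from here.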