diff options
author | Stephen Beaver <sbeaver@netgate.com> | 2016-01-08 11:15:27 -0500 |
---|---|---|
committer | Stephen Beaver <sbeaver@netgate.com> | 2016-01-08 11:15:27 -0500 |
commit | 96cb4c984faca2cb45e4696e121252d079b9ee9b (patch) | |
tree | 97286e80005c72c9988500198cef84f7fef82b1a | |
parent | 46af3068cee4618a7e07af82fe578afc6e8604b7 (diff) | |
parent | 5eb9f6adc95c36219c649fda9ec7fb2b539bb1bc (diff) | |
download | pfsense-96cb4c984faca2cb45e4696e121252d079b9ee9b.zip pfsense-96cb4c984faca2cb45e4696e121252d079b9ee9b.tar.gz |
Merge pull request #2386 from NewEraCracker/master
-rw-r--r-- | src/usr/local/www/exec.php | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/src/usr/local/www/exec.php b/src/usr/local/www/exec.php index 5264df4..6d6d386 100644 --- a/src/usr/local/www/exec.php +++ b/src/usr/local/www/exec.php @@ -226,17 +226,15 @@ if (!isBlank($_POST['txtCommand'])):?> <div class="panel-heading"><h2 class="panel-title">Shell Output - <?=htmlspecialchars($_POST['txtCommand'])?></h2></div> <div class="panel-body"> <div class="content"> - <pre> <?php putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); $output = array(); exec($_POST['txtCommand'] . ' 2>&1', $output); - foreach ($output as $line) { - print(htmlspecialchars($line) . "\r\n"); - } + + $output = implode("\n", $output); + print("<pre>" . htmlspecialchars($output) . "</pre>"); ?> - </pre> </div> </div> </div> @@ -289,7 +287,7 @@ if (!isBlank($_POST['txtCommand'])):?> // This is intended to prevent bad code from breaking the GUI if (!isBlank($_POST['txtPHPCommand'])) { puts("<div class=\"panel panel-success responsive\"><div class=\"panel-heading\">PHP response</div>"); - puts("<pre>"); + $tmpname = tempnam("/tmp", ""); $phpfile = fopen($tmpname, "w"); fwrite($phpfile, "<?php\n"); @@ -299,16 +297,15 @@ if (!isBlank($_POST['txtCommand'])):?> fwrite($phpfile, "?>\n"); fclose($phpfile); + $output = array(); exec("/usr/local/bin/php " . $tmpname, $output); - for ($i=0; $i < count($output); $i++) { - print($output[$i] . "\n"); - } - unlink($tmpname); + $output = implode("\n", $output); + print("<pre>" . htmlspecialchars($output) . "</pre>"); + // echo eval($_POST['txtPHPCommand']); - puts(" </pre>"); puts("</div>"); ?> <script type="text/javascript"> |