diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-02-03 14:55:01 -0200 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:34:41 -0200 |
| commit | 873c1701a8934ac9a10284fe794eb86db1cead68 (patch) | |
| tree | f33e957b3983ada067702e87540caa3b273ea7e2 /etc/ecl.php | |
| parent | 4f188f54abf44ebe82c317ceee7555c7bd00e7ba (diff) | |
| download | pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.zip pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.tar.gz | |
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Diffstat (limited to 'etc/ecl.php')
| -rwxr-xr-x | etc/ecl.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/ecl.php b/etc/ecl.php index c8eae9c..0fd0e74 100755 --- a/etc/ecl.php +++ b/etc/ecl.php @@ -50,7 +50,7 @@ function get_swap_disks() { function get_disk_slices($disk) { global $g, $debug; $slices_array = array(); - $slices = trim(exec("/bin/ls /dev/{$disk}s* 2>/dev/null")); + $slices = trim(exec("/bin/ls " . escapeshellarg("/dev/" . $disk . "s*") . " 2>/dev/null")); $slices = str_replace("/dev/", "", $slices); if($slices == "ls: No match.") return; @@ -61,7 +61,7 @@ function get_disk_slices($disk) { function get_disks() { global $g, $debug; $disks_array = array(); - $disks = exec("/sbin/sysctl kern.disks | cut -d':' -f2"); + $disks = exec("/sbin/sysctl -n kern.disks"); $disks_s = explode(" ", $disks); foreach($disks_s as $disk) if(trim($disk)) @@ -91,7 +91,7 @@ function test_config($file_location) { return; // config.xml was found. ensure it is sound. $root_obj = trim("<{$g['xml_rootobj']}>"); - $xml_file_head = exec("/usr/bin/head -2 {$file_location} | /usr/bin/tail -n1"); + $xml_file_head = exec("/usr/bin/head -2 " . escapeshellarg($file_location) . " | /usr/bin/tail -n1"); if($debug) { echo "\nroot obj = $root_obj"; echo "\nfile head = $xml_file_head"; |
