diff options
author | Ermal <eri@pfsense.org> | 2014-03-24 20:14:19 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-03-24 20:14:19 +0000 |
commit | cfa53879d62806c63b412e26fd5e53138a4a8070 (patch) | |
tree | 1954d9317fa3d3b1b8ca5e3902db0183fe062680 /etc/inc/captiveportal.inc | |
parent | 08d47f757f883565303bd5d54983baecbfdc9374 (diff) | |
download | pfsense-cfa53879d62806c63b412e26fd5e53138a4a8070.zip pfsense-cfa53879d62806c63b412e26fd5e53138a4a8070.tar.gz |
While here escape the passed valuye to avoid problems with input
Diffstat (limited to 'etc/inc/captiveportal.inc')
-rw-r--r-- | etc/inc/captiveportal.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index c3b72e4..78a70a2 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1478,7 +1478,7 @@ function captiveportal_get_dn_passthru_ruleno($value) { if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules")); unset($output); - $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/awk '{print $5}' | /usr/bin/head -n 1", $output); + $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep " . escapeshellarg($value) . " | /usr/bin/grep -v grep | /usr/bin/awk '{print $5}' | /usr/bin/head -n 1", $output); $ruleno = intval($output[0]); if (!$rules[$ruleno]) $ruleno = NULL; @@ -1566,7 +1566,7 @@ function captiveportal_get_ipfw_passthru_ruleno($value) { if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")); unset($output); - $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/awk '{print $1}' | /usr/bin/head -n 1", $output); + $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep " . escapeshellarg($value) . " | /usr/bin/grep -v grep | /usr/bin/awk '{print $1}' | /usr/bin/head -n 1", $output); $ruleno = intval($output[0]); if (!$rules[$ruleno]) $ruleno = NULL; |