diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-02-03 14:55:01 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:34:41 -0200 |
commit | 873c1701a8934ac9a10284fe794eb86db1cead68 (patch) | |
tree | f33e957b3983ada067702e87540caa3b273ea7e2 /etc/inc/filter_log.inc | |
parent | 4f188f54abf44ebe82c317ceee7555c7bd00e7ba (diff) | |
download | pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.zip pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.tar.gz |
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Diffstat (limited to 'etc/inc/filter_log.inc')
-rw-r--r-- | etc/inc/filter_log.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc index 71e5495..c83c1e7 100644 --- a/etc/inc/filter_log.inc +++ b/etc/inc/filter_log.inc @@ -55,9 +55,9 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil $logarr = ""; if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_reader {$logfile} | /usr/bin/tail -r -n {$tail}", $logarr); + exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/tail -r -n {$tail}", $logarr); else - exec("/usr/sbin/clog {$logfile} | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -r -n {$tail}", $logarr); + exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -r -n {$tail}", $logarr); $filterlog = array(); $counter = 0; @@ -268,9 +268,9 @@ function find_rule_by_number($rulenum, $type="rules") { $_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep '^@'", $buffer); else { if (file_exists("{$g['tmp_path']}/rules.debug")) - $_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@{$rulenum} {$type}'", $buffer); + $_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@" . escapeshellarg($rulenum) . " " . escapeshellarg($type) . "'", $buffer); else - $_gb = exec("/sbin/pfctl -vvPsr | grep '^@{$rulenum}'", $buffer); + $_gb = exec("/sbin/pfctl -vvPsr | grep '^@" . escapeshellarg($rulenum) . "'", $buffer); } if (is_array($buffer)) return $buffer[0]; |