author | Renato Botelho <garga@FreeBSD.org> | 2014-02-03 14:55:01 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:43:18 -0200 |
commit | 46b12609e51b9b3113abc9c22a1b0ad5a2b37d11 (patch) | |
tree | 0cadd8627871d2e8f159d093852e665a02e39777 /etc/inc/interfaces.inc | |
parent | 44f2ef9b486fc3e4e2a183ae157a86a9e8ac9018 (diff) | |
download | pfsense-46b12609e51b9b3113abc9c22a1b0ad5a2b37d11.zip pfsense-46b12609e51b9b3113abc9c22a1b0ad5a2b37d11.tar.gz |
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Conflicts:
etc/inc/filter_log.inc
etc/inc/interfaces.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc
Diffstat (limited to 'etc/inc/interfaces.inc')
-rw-r--r-- | etc/inc/interfaces.inc | 68 |
1 files changed, 34 insertions, 34 deletions
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 940915c..e842ffa 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -610,9 +610,9 @@ function interface_bridge_configure(&$bridge, $checkmember = 0) { } if ($bridge['maxaddr'] <> "") - mwexec("/sbin/ifconfig {$bridgeif} maxaddr {$bridge['maxaddr']}"); + mwexec("/sbin/ifconfig {$bridgeif} maxaddr " . escapeshellarg($bridge['maxaddr'])); if ($bridge['timeout'] <> "") - mwexec("/sbin/ifconfig {$bridgeif} timeout {$bridge['timeout']}"); + mwexec("/sbin/ifconfig {$bridgeif} timeout " . escapeshellarg($bridge['timeout'])); if ($bridge['span'] <> "") { $realif = get_real_interface($bridge['span']); mwexec("/sbin/ifconfig {$bridgeif} span {$realif}"); @@ -804,7 +804,7 @@ function interface_lagg_configure(&$lagg) { mwexec("/sbin/ifconfig {$laggif} laggport {$member}"); } - mwexec("/sbin/ifconfig {$laggif} laggproto {$lagg['proto']}"); + mwexec("/sbin/ifconfig {$laggif} laggproto " . escapeshellarg($lagg['proto'])); interfaces_bring_up($laggif); 
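Review bot: Interface names that come from configuration are still interpolated raw next to the statements fixed here: `span {$realif}` in interface_bridge_configure and `laggport {$member}` in interface_lagg_configure are unchanged context lines. Whether get_real_interface() or the member list is validated upstream is not visible in these hunks, so the same treatment is the safe default, e.g. `mwexec("/sbin/ifconfig {$laggif} laggport " . escapeshellarg($member));`. The last hunk of the file has the same gap in interface_group_add_member, where `{$interface}` stays raw beside the escaped `$groupname`. Both function bodies here continue outside the hunks.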
@@ -857,11 +857,11 @@ function interface_gre_configure(&$gre, $grekey = "") { $greif = pfSense_interface_create("gre"); /* Do not change the order here for more see gre(4) NOTES section. */ - mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} {$gre['remote-addr']}"); + mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); if((is_ipaddrv6($gre['tunnel-local-addr'])) || (is_ipaddrv6($gre['tunnel-remote-addr']))) { - mwexec("/sbin/ifconfig {$greif} inet6 {$gre['tunnel-local-addr']} {$gre['tunnel-remote-addr']} prefixlen /{$gre['tunnel-remote-net']} "); + mwexec("/sbin/ifconfig {$greif} inet6 " . escapeshellarg($gre['tunnel-local-addr']) . " " . escapeshellarg($gre['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gre['tunnel-remote-net'])); } else { - mwexec("/sbin/ifconfig {$greif} {$gre['tunnel-local-addr']} {$gre['tunnel-remote-addr']} netmask " . gen_subnet_mask($gre['tunnel-remote-net'])); + mwexec("/sbin/ifconfig {$greif} " . escapeshellarg($gre['tunnel-local-addr']) . " " . escapeshellarg($gre['tunnel-remote-addr']) . " netmask " . gen_subnet_mask($gre['tunnel-remote-net'])); } if (isset($gre['link0'])) pfSense_interface_flags($greif, IFF_LINK0); @@ -876,7 +876,7 @@ function interface_gre_configure(&$gre, $grekey = "") { log_error(gettext("Could not bring greif up -- variable not defined.")); if (isset($gre['link1']) && $gre['link1']) - mwexec("/sbin/route add {$gre['tunnel-remote-addr']}/{$gre['tunnel-remote-net']} {$gre['tunnel-local-addr']}"); + mwexec("/sbin/route add " . escapeshellarg($gre['tunnel-remote-addr']) . "/" . escapeshellarg($gre['tunnel-remote-net']) . " " . escapeshellarg($gre['tunnel-local-addr'])); if(is_ipaddrv4($gre['tunnel-remote-addr'])) file_put_contents("{$g['tmp_path']}/{$greif}_router", $gre['tunnel-remote-addr']); if(is_ipaddrv6($gre['tunnel-remote-addr'])) 
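Review bot: Quoting keeps the shell from interpreting these GRE fields, but nothing visible checks that they are addresses before ifconfig and route receive them: the `else` branch runs whenever neither tunnel address is IPv6, not when both are IPv4, and the `route add` line in the next hunk runs on `link1` alone. escapeshellarg() does not stop a value that begins with `-` from being read as an option or modifier by the called program. A guard ahead of the commands built on the helpers already used here, with a condition such as `!is_ipaddrv4($gre['tunnel-local-addr']) && !is_ipaddrv6($gre['tunnel-local-addr'])` (likewise for `remote-addr` and `tunnel-remote-addr`, plus a numeric check on `tunnel-remote-net`), would cover it, unless validation already happens earlier in the function, which is outside the hunk. The two interface_gif_configure hunks that follow have the same shape.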
@@ -947,11 +947,11 @@ function interface_gif_configure(&$gif, $gifkey = "") { $gifif = pfSense_interface_create("gif"); /* Do not change the order here for more see gif(4) NOTES section. */ - mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} {$gif['remote-addr']}"); + mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); if((is_ipaddrv6($gif['tunnel-local-addr'])) || (is_ipaddrv6($gif['tunnel-remote-addr']))) { - mwexec("/sbin/ifconfig {$gifif} inet6 {$gif['tunnel-local-addr']} {$gif['tunnel-remote-addr']} prefixlen /{$gif['tunnel-remote-net']} "); + mwexec("/sbin/ifconfig {$gifif} inet6 " . escapeshellarg($gif['tunnel-local-addr']) . " " . escapeshellarg($gif['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gif['tunnel-remote-net'])); } else { - mwexec("/sbin/ifconfig {$gifif} {$gif['tunnel-local-addr']} {$gif['tunnel-remote-addr']} netmask " . gen_subnet_mask($gif['tunnel-remote-net'])); + mwexec("/sbin/ifconfig {$gifif} " . escapeshellarg($gif['tunnel-local-addr']) . " " . escapeshellarg($gif['tunnel-remote-addr']) . " netmask " . gen_subnet_mask($gif['tunnel-remote-net'])); } if (isset($gif['link0'])) pfSense_interface_flags($gifif, IFF_LINK0); @@ -983,10 +983,10 @@ function interface_gif_configure(&$gif, $gifkey = "") { file_put_contents("{$g['tmp_path']}/{$gifif}_routerv6", $gif['tunnel-remote-addr']); if (is_ipaddrv4($realifgw)) { - mwexec("/sbin/route change -host {$gif['remote-addr']} {$realifgw}"); + mwexec("/sbin/route change -host " . escapeshellarg($gif['remote-addr']) . " {$realifgw}"); } if (is_ipaddrv6($realifgw)) { - mwexec("/sbin/route change -host -inet6 {$gif['remote-addr']} {$realifgw}"); + mwexec("/sbin/route change -host -inet6 " . escapeshellarg($gif['remote-addr']) . " {$realifgw}"); } return $gifif; 
@@ -1152,7 +1152,7 @@ function interface_vip_bring_down($vip) { $vipif = get_real_interface($vip['interface']); if (does_interface_exist($vipif)) { if (is_ipaddrv6($vip['subnet'])) - mwexec("/sbin/ifconfig {$vipif} inet6 {$vip['subnet']} -alias"); + mwexec("/sbin/ifconfig {$vipif} inet6 " . escapeshellarg($vip['subnet']) . " -alias"); else pfSense_interface_deladdress($vipif, $vip['subnet']); } @@ -1235,7 +1235,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true); if ($destroy == true) pfSense_interface_flags($realif, -IFF_UP); - mwexec("/usr/sbin/arp -d -i {$realif} -a"); + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); } break; default: @@ -1243,7 +1243,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true); if ($destroy == true) pfSense_interface_flags($realif, -IFF_UP); - mwexec("/usr/sbin/arp -d -i {$realif} -a"); + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); } break; } @@ -1262,7 +1262,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = mwexec("/sbin/ifconfig " . escapeshellarg($realifv6) . " inet6 {$ip6} delete", true); if ($destroy == true) pfSense_interface_flags($realif, -IFF_UP); - mwexec("/usr/sbin/arp -d -i {$realif} -a"); + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); } break; case "6rd": @@ -1285,7 +1285,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 {$ifcfg['ipaddrv6']} delete", true); if ($destroy == true) pfSense_interface_flags($realif, -IFF_UP); - mwexec("/usr/sbin/arp -d -i {$realif} -a"); + mwexec("/usr/sbin/arp -d -i " . escapeshellarg($realif) . " -a"); } break; } 
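Review bot: The IPv6 address in two of these statements is still interpolated raw: `inet6 {$ip6} delete` and `inet6 {$ifcfg['ipaddrv6']} delete` are context lines of interface_bring_down, directly above `arp -d` calls that now escape `$realif`. Where those values are validated is not visible here; quoting them as well, `" inet6 " . escapeshellarg($ip6) . " delete"`, would make the lines consistent. In interface_vip_bring_down the escaped `$vip['subnet']` is already guarded by is_ipaddrv6(), while `{$vipif}` in the same command stays raw.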
@@ -1295,7 +1295,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = // log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}"); if (!empty($old_router)) { log_error("Clearing states to old gateway {$old_router}."); - mwexec("/sbin/pfctl -i {$realif} -Fs -G {$old_router}"); + mwexec("/sbin/pfctl -i " . escapeshellarg($realif) . " -Fs -G {$old_router}"); } /* remove interface up file if it exists */ @@ -1450,12 +1450,11 @@ function interface_ppps_configure($interface) { // mpd5 requires a /var/spool/lock directory for PPP modem links. if(!is_dir("/var/spool/lock")) { - exec("/bin/mkdir -p /var/spool/lock"); - exec("/bin/chmod a+rw /var/spool/lock/."); + mkdir("/var/spool/lock", 0777, true); } // mpd5 modem chat script expected in the same directory as the mpd_xxx.conf files if (!file_exists("{$g['varetc_path']}/mpd.script")) - mwexec("/bin/ln -s /usr/local/sbin/mpd.script {$g['varetc_path']}/."); + symlink("/usr/local/sbin/mpd.script", "{$g['varetc_path']}/."); if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { @@ -1801,7 +1800,7 @@ EOD; /* Generate mpd.conf. If mpd_[interface].conf exists in the conf path, then link to it instead of generating a fresh conf file. */ if (file_exists("{$g['conf_path']}/mpd_{$interface}.conf")) - mwexec("/bin/ln -s {$g['conf_path']}/mpd_{$interface}.conf {$g['varetc_path']}/."); + symlink("{$g['conf_path']}/mpd_{$interface}.conf", "{$g['varetc_path']}/."); else { $fd = fopen("{$g['varetc_path']}/mpd_{$interface}.conf", "w"); if (!$fd) { 
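Review bot: `-G {$old_router}` stays unescaped in the pfctl call while `$realif` beside it is now quoted. The commented-out log line suggests the value is read back from `{$g['tmp_path']}/{$realif}_router`, so file contents would reach the shell here; the read itself is outside the hunk. Checking that it is an address before use and quoting it, `" -Fs -G " . escapeshellarg($old_router)`, would close that.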
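Review bot: `symlink()` takes the full path of the link to create, so passing `"{$g['varetc_path']}/."` as the link name fails because that path already exists, whereas `ln -s … dir/.` created the link inside the directory. The link name needs the file name, `symlink("/usr/local/sbin/mpd.script", "{$g['varetc_path']}/mpd.script");`, and the `mpd_{$interface}.conf` symlink in the next hunk needs the same change. Separately, `mkdir("/var/spool/lock", 0777, true)` is subject to the process umask, so the directory may come out less permissive than the removed `chmod a+rw` left it; if world-writable access is really required, say so with an explicit `chmod()`, otherwise a tighter mode such as 0755 is the better default. None of these return values is checked, so a failure is silent.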
@@ -1818,13 +1817,13 @@ EOD; if (isset($ppp['uptime'])) { if (!file_exists("/conf/{$pppif}.log")) { conf_mount_rw(); - mwexec("echo /dev/null > /conf/{$pppif}.log"); + file_put_contents("/conf/{$pppif}.log", ''); conf_mount_ro(); } } else { if (file_exists("/conf/{$pppif}.log")) { conf_mount_rw(); - mwexec("rm -f /conf/{$pppif}.log"); + unlink("/conf/{$pppif}.log"); conf_mount_ro(); } } @@ -1836,7 +1835,8 @@ EOD; } /* fire up mpd */ - mwexec("/usr/local/sbin/mpd5 -b -k -d {$g['varetc_path']} -f mpd_{$interface}.conf -p {$g['varrun_path']}/{$ppp['type']}_{$interface}.pid -s ppp {$ppp['type']}client"); + mwexec("/usr/local/sbin/mpd5 -b -k -d {$g['varetc_path']} -f mpd_{$interface}.conf -p {$g['varrun_path']}/" . + escapeshellarg($ppp['type']) . "_{$interface}.pid -s ppp " . escapeshellarg($ppp['type']) . "client"); // Check for PPPoE periodic reset request if ($type == "pppoe") { @@ -1848,7 +1848,7 @@ EOD; /* wait for upto 10 seconds for the interface to appear (ppp(oe)) */ $i = 0; while($i < 10) { - exec("/sbin/ifconfig {$ppp['if']} 2>&1", $out, $ret); + exec("/sbin/ifconfig " . escapeshellarg($ppp['if']) . " 2>&1", $out, $ret); if($ret == 0) break; sleep(1); @@ -2174,7 +2174,7 @@ function interface_carp_configure(&$vip) { $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); $advbase = ""; if (!empty($vip['advbase'])) - $advbase = "advbase {$vip['advbase']}"; + $advbase = "advbase " . escapeshellarg($vip['advbase']); if(is_ipaddrv4($vip['subnet'])) { $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); 
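Review bot: `$ppp['type']` is used in the mpd5 command as part of the pid-file path and of the `…client` label, and escapeshellarg() only protects shell parsing: a value containing `/` or `..` still changes which path mpd5 is told to write. Comparing it against the set of link types this function supports before building the command is the stronger check. `{$interface}` is still interpolated raw twice on the same line (`-f mpd_{$interface}.conf` and `_{$interface}.pid`). The function starts outside this hunk, so earlier validation cannot be ruled out.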
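Review bot: `$advbase` in interface_carp_configure now carries shell quotes inside a fragment whose use is outside this hunk; that is only right if the fragment ends up in a shell command string and nowhere else. Since advbase is a number, validating it is simpler and does not depend on the consumer: `if (is_numeric($vip['advbase'])) $advbase = "advbase " . intval($vip['advbase']);`.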
@@ -2213,7 +2213,7 @@ function interface_wireless_clone($realif, $wlcfg) { } $baseif = interface_get_wireless_base($wlcfg['if']); if(does_interface_exist($realif)) { - exec("/sbin/ifconfig {$realif}", $output, $ret); + exec("/sbin/ifconfig " . escapeshellarg($realif), $output, $ret); $ifconfig_str = implode($output); if(($wlcfg_mode == "hostap") && (! preg_match("/hostap/si", $ifconfig_str))) { log_error(sprintf(gettext("Interface %s changed to hostap mode"), $realif)); @@ -2715,7 +2715,7 @@ EOD; if ( !empty($friendly_if) && $config['interfaces'][$friendly_if]['wireless']['mode'] == "bss" && isset($config['interfaces'][$friendly_if]['wireless']['wpa']['enable']) ) { - mwexec("/bin/sh {$g['tmp_path']}/{$clone_if}_setup.sh"); + mwexec("/bin/sh {$g['tmp_path']}/" . escapeshellarg($clone_if) . "_setup.sh"); } } } @@ -2723,16 +2723,16 @@ EOD; /* The mode must be specified in a separate command before ifconfig * will allow the mode and channel at the same time in the next. */ - mwexec("/sbin/ifconfig {$if} mode " . escapeshellarg($standard)); + mwexec("/sbin/ifconfig " . escapeshellarg($if) . " mode " . escapeshellarg($standard)); /* configure wireless */ $wlcmd_args = implode(" ", $wlcmd); - mwexec("/sbin/ifconfig {$if} $wlcmd_args", false); + mwexec("/sbin/ifconfig " . escapeshellarg($if) . " " . $wlcmd_args, false); sleep(1); /* execute hostapd and wpa_supplicant if required in shell */ - mwexec("/bin/sh {$g['tmp_path']}/{$if}_setup.sh"); + mwexec("/bin/sh {$g['tmp_path']}/" . escapeshellarg($if) . "_setup.sh"); return 0; 
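Review bot: `$wlcmd_args` is appended to the ifconfig command unescaped, so quoting `$if` leaves most of this command line unprotected. It is `implode(" ", $wlcmd)`, and `$wlcmd` is built outside the hunk, so whether each element was escaped when it was added cannot be confirmed here. A comment at this call recording the invariant, e.g. `/* every $wlcmd entry must already be shell-escaped where it is appended */`, would make the assumption explicit for the next change to that array.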
@@ -3009,7 +3009,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven if (is_ipaddrv6($wancfg['ipaddrv6']) && $wancfg['subnetv6'] <> "") { //pfSense_interface_setaddress($realif, "{$wancfg['ipaddrv6']}/{$wancfg['subnetv6']}"); // FIXME: Add IPv6 Support to the pfSense module - mwexec("/sbin/ifconfig {$realif} inet6 {$wancfg['ipaddrv6']} prefixlen {$wancfg['subnetv6']} "); + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 {$wancfg['ipaddrv6']} prefixlen " . escapeshellarg($wancfg['subnetv6'])); } break; } @@ -3663,7 +3663,7 @@ function is_interface_group($if) { function interface_group_add_member($interface, $groupname) { $interface = get_real_interface($interface); - mwexec("/sbin/ifconfig {$interface} group {$groupname}", true); + mwexec("/sbin/ifconfig {$interface} group " . escapeshellarg($groupname), true); } /* COMPAT Function */ |
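Review bot: `$wancfg['subnetv6']` is only tested with `<> ""` before it is passed as the prefix length, so a non-numeric value still reaches ifconfig, now in quotes. A range check in the condition, `is_numeric($wancfg['subnetv6']) && $wancfg['subnetv6'] >= 1 && $wancfg['subnetv6'] <= 128`, states the intent better than quoting alone. `{$wancfg['ipaddrv6']}` is left raw but is covered by the is_ipaddrv6() test in the same `if`.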