author | Renato Botelho <garga@FreeBSD.org> | 2014-02-03 14:55:01 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:43:18 -0200 |
commit | 46b12609e51b9b3113abc9c22a1b0ad5a2b37d11 (patch) | |
tree | 0cadd8627871d2e8f159d093852e665a02e39777 /etc/inc/pkg-utils.inc | |
parent | 44f2ef9b486fc3e4e2a183ae157a86a9e8ac9018 (diff) | |
download | pfsense-46b12609e51b9b3113abc9c22a1b0ad5a2b37d11.zip pfsense-46b12609e51b9b3113abc9c22a1b0ad5a2b37d11.tar.gz |
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls with PHP functions such as symlink, copy, unlink and mkdir
Conflicts:
etc/inc/filter_log.inc
etc/inc/interfaces.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc
Diffstat (limited to 'etc/inc/pkg-utils.inc')
-rw-r--r-- | etc/inc/pkg-utils.inc | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index 9f3296a..b727abe 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -102,7 +102,7 @@ function remove_freebsd_package($packagestring) {
 // The packagestring passed in must be the full PBI package name,
 // as displayed by the pbi_info utility. e.g. "package-1.2.3_4-i386"
 // It must NOT have ".pbi" on the end.
- exec("/usr/local/sbin/pbi_info {$packagestring} | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
+ exec("/usr/local/sbin/pbi_info " . escapeshellarg($packagestring) . " | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
 $pbidir = $pbidir[0];
 if ($pbidir == "") {
 log_error("PBI dir for {$packagestring} was not found - cannot cleanup PBI files");
@@ -127,7 +127,7 @@ function remove_freebsd_package($packagestring) {
 }
 }
- exec("/usr/local/sbin/pbi_delete {$packagestring} 2>>/tmp/pbi_delete_errors.txt");
+ exec("/usr/local/sbin/pbi_delete " . escapeshellarg($packagestring) . " 2>>/tmp/pbi_delete_errors.txt");
 }
 }
@@ -279,7 +279,7 @@ function is_freebsd_pkg_installed($pkg) {
 if(!$pkg) return;
 $output = "";
- exec("/usr/local/sbin/pbi_info \"{$pkg}\"", $output, $retval);
+ exec("/usr/local/sbin/pbi_info \"" . escapeshellarg($pkg) . "\"", $output, $retval);
 return (intval($retval) == 0);
 }
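Review bot: In the first hunk (remove_freebsd_package, @@ -102) `escapeshellarg($packagestring)` keeps the shell from interpreting metacharacters, but a value that begins with `-` is still read by pbi_info as an option, and the same holds for the pbi_delete call in the second hunk. The comment above the call says the value must be a full PBI name such as "package-1.2.3_4-i386", so I would validate it once before either exec(), for example `if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._+-]*$/', $packagestring)) { log_error("Invalid PBI name"); return; }`. The second hunk also keeps appending stderr to the fixed path `/tmp/pbi_delete_errors.txt`; a log file in a root-only directory would be safer if /tmp is writable by other local users. The function body starts and ends outside both hunks.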
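Review bot: In the third hunk (is_freebsd_pkg_installed, @@ -279) the escaped value is still wrapped in `\"…\"`, which undoes the quoting. escapeshellarg() already returns a single-quoted string, and inside double quotes the shell treats those single quotes as literal characters while still expanding `$` and backticks in the value. The call therefore stays open to command substitution and also hands pbi_info a name with quote characters around it, which likely makes the lookup fail for every package. The line should be `exec("/usr/local/sbin/pbi_info " . escapeshellarg($pkg), $output, $retval);`.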
@@ -567,10 +567,10 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
 $pkgaddout = "";
- exec("/usr/local/sbin/pbi_add {$pkgstaging} -f -v --no-checksig {$fetchto} 2>&1", $pkgaddout);
+ exec("/usr/local/sbin/pbi_add " . escapeshellarg($pkgstaging) . " -f -v --no-checksig " . escapeshellarg($fetchto) . " 2>&1", $pkgaddout);
 pkg_debug($pkgname . " " . print_r($pkgaddout, true) . "\npbi_add successfully completed.\n");
 setup_library_paths();
- exec("/usr/local/sbin/pbi_info " . preg_replace('/\.pbi$/','',$filename) . " | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
+ exec("/usr/local/sbin/pbi_info " . escapeshellarg(preg_replace('/\.pbi$/','',$filename)) . " | /usr/bin/awk '/Prefix/ {print $2}'",$pbidir);
 $pbidir = $pbidir[0];
 $linkdirs = array('bin','sbin');
 foreach($linkdirs as $dir) {
@@ -803,7 +803,7 @@ function install_package_xml($pkg) {
 if(stristr($filename, ".tgz") <> "") {
 pkg_debug(gettext("Extracting tarball to -C for ") . $filename . "...\n");
 $tarout = "";
- exec("/usr/bin/tar xvzf " . $prefix . $filename . " -C / 2>&1", $tarout);
+ exec("/usr/bin/tar xvzf " . escapeshellarg($prefix . $filename) . " -C / 2>&1", $tarout);
 pkg_debug(print_r($tarout, true) . "\n");
 }
 if($pkg_chmod <> "") {
@@ -861,7 +861,7 @@ function install_package_xml($pkg) {
 $pkg_name_for_pbi_match = strtolower($pkg) . "-";
 exec("/usr/local/sbin/pbi_info | grep '^{$pkg_name_for_pbi_match}' | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'",$pbidirarray);
 $pbidir0 = $pbidirarray[0];
- exec("find /usr/local/etc/ -name *.conf | grep \"{$pkg}\"",$files);
+ exec("find /usr/local/etc/ -name *.conf | grep '" . escapeshellarg($pkg) . "'",$files);
 foreach($files as $f) {
 $pbiconf = str_replace('/usr/local',$pbidir0,$f);
 if(is_file($pbiconf) || is_link($pbiconf)) { |
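Review bot: In the @@ -567 hunk `escapeshellarg($pkgstaging)` turns the whole variable into one argument, so if $pkgstaging holds an option flag together with its value (its assignment is outside the hunk) pbi_add will no longer parse it; in that case only the path part should be escaped where the string is built. The command also keeps `--no-checksig`, so the fetched PBI is installed without signature verification, and the next line logs "pbi_add successfully completed" without looking at the exit status. I would capture the status with a third argument, `exec(..., $pkgaddout, $pkgaddrc);`, and log a failure when `$pkgaddrc` is non-zero. The function body starts and ends outside the hunk.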
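Review bot: The tar call in the @@ -803 hunk now quotes the archive path as one argument, but its exit status is still discarded, so a failed or partial extraction over `/` goes unnoticed. Pass a third argument, `exec("/usr/bin/tar xvzf " . escapeshellarg($prefix . $filename) . " -C / 2>&1", $tarout, $tarrc);`, and log when `$tarrc` is non-zero. Because the archive is unpacked onto the root filesystem, a short comment stating where `$prefix . $filename` comes from and where the file is verified would help; neither is visible in the hunk.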
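Review bot: In the last hunk (@@ -861) the result of escapeshellarg() is placed between two extra `'` characters, which cancels the quoting: the shell sees an empty quoted string, then the value outside any quotes, then another empty string, so metacharacters in $pkg are interpreted again. Drop the surrounding quotes and quote the glob too, so the shell cannot expand it before find sees it: `exec("find /usr/local/etc/ -name '*.conf' | grep -- " . escapeshellarg($pkg), $files);` (add `-F` if a literal match is intended). The context line above still interpolates `$pkg_name_for_pbi_match` into `grep '^…'` without escaping and needs the same treatment.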