Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir

author: Renato Botelho <garga@FreeBSD.org> 2014-02-03 14:55:01 -0200
committer: Renato Botelho <garga@FreeBSD.org> 2014-02-04 12:34:41 -0200
commit: 873c1701a8934ac9a10284fe794eb86db1cead68 (patch)
tree: f33e957b3983ada067702e87540caa3b273ea7e2 /etc/inc/service-utils.inc
parent: 4f188f54abf44ebe82c317ceee7555c7bd00e7ba (diff)
download: pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.zip
pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc
index 324eae7..446f60c 100644
--- a/etc/inc/service-utils.inc
+++ b/etc/inc/service-utils.inc
@@ -67,7 +67,7 @@ function write_rcfile($params) {
 		$tokill =& $params['stop'];
 	} else if(!empty($params['executable'])) {
 		/* just nuke the executable */
-		$tokill = "/usr/bin/killall {$params['executable']}";
+		$tokill = "/usr/bin/killall " . escapeshellarg($params['executable']);
 	} else {
 		/* make an educated guess (bad) */
 		$tokill = array_pop(explode('/', array_shift(explode(' ', $params['start']))));
author	Renato Botelho <garga@FreeBSD.org>	2014-02-03 14:55:01 -0200
committer	Renato Botelho <garga@FreeBSD.org>	2014-02-04 12:34:41 -0200
commit	873c1701a8934ac9a10284fe794eb86db1cead68 (patch)
tree	f33e957b3983ada067702e87540caa3b273ea7e2 /etc/inc/service-utils.inc
parent	4f188f54abf44ebe82c317ceee7555c7bd00e7ba (diff)
download	pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.zip pfsense-873c1701a8934ac9a10284fe794eb86db1cead68.tar.gz