diff options
author | Chris Buechler <cmb@pfsense.org> | 2016-02-12 00:42:51 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-02-12 00:42:51 -0600 |
commit | e9fea9dc5feb76fa891e9afda5691bf293481dc3 (patch) | |
tree | 388b8e036088ca635f1ef2fb1e8253baeaa4c2e1 /src/etc | |
parent | d6fa0b47f9ae16f0b615a38c06818d2536290bd2 (diff) | |
download | pfsense-e9fea9dc5feb76fa891e9afda5691bf293481dc3.zip pfsense-e9fea9dc5feb76fa891e9afda5691bf293481dc3.tar.gz |
Parse URL Table alias downloads with parse_aliases_file to ensure only valid contents. Ticket #5848
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/pfsense-utils.inc | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 87039f6..22ccf86 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -2153,6 +2153,7 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) { $urltable_prefix = "/var/db/aliastables/"; $urltable_filename = $urltable_prefix . $name . ".txt"; + $tmp_urltable_filename = $urltable_filename . ".tmp"; // Make the aliases directory if it doesn't exist if (!file_exists($urltable_prefix)) { @@ -2169,16 +2170,19 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) { // Try to fetch the URL supplied conf_mount_rw(); - unlink_if_exists($urltable_filename . ".tmp"); + unlink_if_exists($tmp_urltable_filename); $verify_ssl = isset($config['system']['checkaliasesurlcert']); - if (download_file($url, $urltable_filename . ".tmp", $verify_ssl)) { - mwexec("/usr/bin/sed -E 's/\;.*//g; /^[[:space:]]*($|#)/d' ". escapeshellarg($urltable_filename . ".tmp") . " > " . escapeshellarg($urltable_filename)); + if (download_file($url, $tmp_urltable_filename, $verify_ssl)) { + mwexec("/usr/bin/sed -i \"\" -E 's/\;.*//g; /^[[:space:]]*($|#)/d' " . escapeshellarg($tmp_urltable_filename)); if (alias_get_type($name) == "urltable_ports") { - $ports = explode("\n", str_replace("\r", "", file_get_contents($urltable_filename))); + $ports = parse_aliases_file($tmp_urltable_filename, "url_ports", "-1"); $ports = group_ports($ports); file_put_contents($urltable_filename, implode("\n", $ports)); + } else { + $urltable = parse_aliases_file($tmp_urltable_filename, "url", "-1"); + file_put_contents($urltable_filename, implode("\n", $urltable)); } - unlink_if_exists($urltable_filename . ".tmp"); + unlink_if_exists($tmp_urltable_filename); } else { touch($urltable_filename); conf_mount_ro(); |