authorStephen Beaver <sbeaver@netgate.com>2015-10-26 16:14:55 -0400
committerStephen Beaver <sbeaver@netgate.com>2015-10-26 16:14:55 -0400
commit3e115dbf716a9bdb6b972a367c0f0a44f183f6ab (patch)
treeedd88b4a342052e41e7a4b18d5a1e339bf65760b /src/usr/local/www/exec.php
parent682cea181cc980b63c2ebdf2cf468aab5137fca8 (diff)
Experimental: Fixes #5288
Diffstat (limited to 'src/usr/local/www/exec.php')
-rw-r--r--src/usr/local/www/exec.php22
1 files changed, 19 insertions, 3 deletions
diff --git a/src/usr/local/www/exec.php b/src/usr/local/www/exec.php
index 038333d..9ab6aa8 100644
--- a/src/usr/local/www/exec.php
+++ b/src/usr/local/www/exec.php
@@ -275,12 +275,28 @@ if (!isBlank($_POST['txtCommand'])):?>
</div>
</div>
<?php
+ // Experimentl version. Writes the user's php code to a file and executes it via a new instance of PHP
+ // THis is intended to prevent bad code from breaking the GUI
if (!isBlank($_POST['txtPHPCommand'])) {
puts("<div class=\"panel panel-success responsive\"><div class=\"panel-heading\">PHP response</div>");
puts("<pre>");
- require_once("config.inc");
- require_once("functions.inc");
- echo eval($_POST['txtPHPCommand']);
+ $phpfile = fopen("/tmp/phpfile", "w");
+ fwrite($phpfile, "<?php\n");
+ fwrite($phpfile, "require_once(\"/etc/inc/config.inc\");\n");
+ fwrite($phpfile, "require_once(\"/etc/inc/functions.inc\");\n\n");
+ fwrite($phpfile, $_POST['txtPHPCommand'] . "\n");
+ fwrite($phpfile, "?>\n");
+ fclose($phpfile);
+
+ exec("/usr/local/bin/php /tmp/phpfile", $output);
+
+ for ($i=0; $i < count($output); $i++) {
+ print($output[$i] . "\n");
+ }
+
+ unlink("/tmp/phpfile");
+
+// echo eval($_POST['txtPHPCommand']);
puts("&nbsp;</pre>");
puts("</div>");
?>
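Review bot: The fixed, shared path `/tmp/phpfile` opened with `fopen("/tmp/phpfile", "w")` is predictable, so a pre-existing file or symlink at that name is followed and truncated, and two concurrent submissions overwrite and `unlink()` each other's script. The `fopen()` result is never checked before the `fwrite()` calls. I would create the file with `tempnam()`, bail out if creation fails, pass the name through `escapeshellarg()`, and capture the exit status from `exec()`. The lines in `$output` are printed into the `<pre>` unescaped; wrapping them in `htmlspecialchars()` would keep command output from being interpreted as markup, assuming no caller relies on raw HTML here. The closing brace of the `if (!isBlank($_POST['txtPHPCommand']))` block is outside this hunk.

```php
$phpfile = tempnam("/tmp", "phpexec_");
$fd = ($phpfile === false) ? false : fopen($phpfile, "w");

if ($fd === false) {
	print("Unable to create a temporary file for the PHP command.\n");
} else {
	// … unchanged: the fwrite() calls for the require_once lines and $_POST['txtPHPCommand'], now writing to $fd …
	fclose($fd);

	exec("/usr/local/bin/php " . escapeshellarg($phpfile), $output, $rc);

	foreach ($output as $line) {
		print(htmlspecialchars($line) . "\n");
	}

	if ($rc !== 0) {
		print("PHP exited with status " . $rc . "\n");
	}

	unlink($phpfile);
}
```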