diff options
author | NewEraCracker <neweracracker@gmail.com> | 2016-01-08 16:04:17 +0000 |
---|---|---|
committer | NewEraCracker <neweracracker@gmail.com> | 2016-01-08 16:04:17 +0000 |
commit | 5eb9f6adc95c36219c649fda9ec7fb2b539bb1bc (patch) | |
tree | 789cfc930bfea033adaf52aab4f121b60f6dbbc7 /src/usr/local/www/exec.php | |
parent | d13a5e7d616cfd2362d9d4ed95ed28f1bd3e8b1e (diff) | |
download | pfsense-5eb9f6adc95c36219c649fda9ec7fb2b539bb1bc.zip pfsense-5eb9f6adc95c36219c649fda9ec7fb2b539bb1bc.tar.gz |
Improve the output of exec.php
...And fix a possible XSS when executing PHP commands
...But we all know XSS is the least of concenrs here :P
Diffstat (limited to 'src/usr/local/www/exec.php')
-rw-r--r-- | src/usr/local/www/exec.php | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/src/usr/local/www/exec.php b/src/usr/local/www/exec.php index 5264df4..6d6d386 100644 --- a/src/usr/local/www/exec.php +++ b/src/usr/local/www/exec.php @@ -226,17 +226,15 @@ if (!isBlank($_POST['txtCommand'])):?> <div class="panel-heading"><h2 class="panel-title">Shell Output - <?=htmlspecialchars($_POST['txtCommand'])?></h2></div> <div class="panel-body"> <div class="content"> - <pre> <?php putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); $output = array(); exec($_POST['txtCommand'] . ' 2>&1', $output); - foreach ($output as $line) { - print(htmlspecialchars($line) . "\r\n"); - } + + $output = implode("\n", $output); + print("<pre>" . htmlspecialchars($output) . "</pre>"); ?> - </pre> </div> </div> </div> @@ -289,7 +287,7 @@ if (!isBlank($_POST['txtCommand'])):?> // This is intended to prevent bad code from breaking the GUI if (!isBlank($_POST['txtPHPCommand'])) { puts("<div class=\"panel panel-success responsive\"><div class=\"panel-heading\">PHP response</div>"); - puts("<pre>"); + $tmpname = tempnam("/tmp", ""); $phpfile = fopen($tmpname, "w"); fwrite($phpfile, "<?php\n"); @@ -299,16 +297,15 @@ if (!isBlank($_POST['txtCommand'])):?> fwrite($phpfile, "?>\n"); fclose($phpfile); + $output = array(); exec("/usr/local/bin/php " . $tmpname, $output); - for ($i=0; $i < count($output); $i++) { - print($output[$i] . "\n"); - } - unlink($tmpname); + $output = implode("\n", $output); + print("<pre>" . htmlspecialchars($output) . "</pre>"); + // echo eval($_POST['txtPHPCommand']); - puts(" </pre>"); puts("</div>"); ?> <script type="text/javascript"> |