Fixed #5101

system() command replaced with exec()
author: Stephen Beaver <sbeaver@netgate.com> 2015-09-04 14:41:47 -0400
committer: Stephen Beaver <sbeaver@netgate.com> 2015-09-04 14:41:47 -0400
commit: 6aef15f8cfa409d19e421bf2858667ca5de5026b (patch)
tree: 70304862367b9f010577d70c1f9737b98a16d7d3 /src/usr/local/www/exec.php
parent: b7b8b6a311bd04c03e5bdd4741fffe74228d3be0 (diff)
download: pfsense-6aef15f8cfa409d19e421bf2858667ca5de5026b.zip
pfsense-6aef15f8cfa409d19e421bf2858667ca5de5026b.tar.gz
1 files changed, 46 insertions, 43 deletions
diff --git a/src/usr/local/www/exec.php b/src/usr/local/www/exec.php
index a8dcd99..c171895 100644
--- a/src/usr/local/www/exec.php
+++ b/src/usr/local/www/exec.php
@@ -5,55 +5,55 @@
 */
 /* ====================================================================
  *	Exec+ v1.02-000 - Copyright 2001-2003, All rights reserved
- *  Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
+ *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
  *	Created by technologEase (http://www.technologEase.com)
  *	(modified for m0n0wall by Manuel Kasper <mk@neon1.net>)\
  *
- *  Redistribution and use in source and binary forms, with or without modification, 
- *  are permitted provided that the following conditions are met: 
+ *	Redistribution and use in source and binary forms, with or without modification,
+ *	are permitted provided that the following conditions are met:
  *
- *  1. Redistributions of source code must retain the above copyright notice,
- *      this list of conditions and the following disclaimer.
+ *	1. Redistributions of source code must retain the above copyright notice,
+ *		this list of conditions and the following disclaimer.
  *
- *  2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in
- *      the documentation and/or other materials provided with the
- *      distribution. 
+ *	2. Redistributions in binary form must reproduce the above copyright
+ *		notice, this list of conditions and the following disclaimer in
+ *		the documentation and/or other materials provided with the
+ *		distribution.
  *
- *  3. All advertising materials mentioning features or use of this software 
- *      must display the following acknowledgment:
- *      "This product includes software developed by the pfSense Project
- *       for use in the pfSense software distribution. (http://www.pfsense.org/). 
+ *	3. All advertising materials mentioning features or use of this software
+ *		must display the following acknowledgment:
+ *		"This product includes software developed by the pfSense Project
+ *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
  *
- *  4. The names "pfSense" and "pfSense Project" must not be used to
- *       endorse or promote products derived from this software without
- *       prior written permission. For written permission, please contact
- *       coreteam@pfsense.org.
+ *	4. The names "pfSense" and "pfSense Project" must not be used to
+ *		 endorse or promote products derived from this software without
+ *		 prior written permission. For written permission, please contact
+ *		 coreteam@pfsense.org.
  *
- *  5. Products derived from this software may not be called "pfSense"
- *      nor may "pfSense" appear in their names without prior written
- *      permission of the Electric Sheep Fencing, LLC.
+ *	5. Products derived from this software may not be called "pfSense"
+ *		nor may "pfSense" appear in their names without prior written
+ *		permission of the Electric Sheep Fencing, LLC.
  *
- *  6. Redistributions of any form whatsoever must retain the following
- *      acknowledgment:
+ *	6. Redistributions of any form whatsoever must retain the following
+ *		acknowledgment:
  *
- *  "This product includes software developed by the pfSense Project
- *  for use in the pfSense software distribution (http://www.pfsense.org/).
+ *	"This product includes software developed by the pfSense Project
+ *	for use in the pfSense software distribution (http://www.pfsense.org/).
   *
- *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
- *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
- *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- *  OF THE POSSIBILITY OF SUCH DAMAGE.
+ *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ *	OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- *  ====================================================================
+ *	====================================================================
  *
  */
 /*
@@ -131,15 +131,15 @@ include("head.inc");
 <?php
 
 if (isBlank($_POST['txtRecallBuffer'])) {
-	puts("   var arrRecallBuffer = new Array;");
+	puts("	 var arrRecallBuffer = new Array;");
 } else {
-	puts("   var arrRecallBuffer = new Array(");
+	puts("	 var arrRecallBuffer = new Array(");
 	$arrBuffer = explode("&", $_POST['txtRecallBuffer']);
 	for ($i = 0; $i < (count($arrBuffer) - 1); $i++) {
-		puts("      '" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "',");
+		puts("		'" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "',");
 	}
-	puts("      '" . htmlspecialchars($arrBuffer[count($arrBuffer) - 1], ENT_QUOTES | ENT_HTML401) . "'");
-	puts("   );");
+	puts("		'" . htmlspecialchars($arrBuffer[count($arrBuffer) - 1], ENT_QUOTES | ENT_HTML401) . "'");
+	puts("	 );");
 }
 ?>
 
@@ -228,7 +228,10 @@ if (!isBlank($_POST['txtCommand'])):?>
 <?php
 	putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
 	putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " "));
-	print htmlspecialchars(system($_POST['txtCommand'].' 2>&1'));
+	$output = array();
+	exec($_POST['txtCommand'] . ' 2>&1', $output);
+	foreach($output as $line)
+		print(htmlspecialchars($line) . "\r\n");
 ?>
 			</pre>
 		</div>
author	Stephen Beaver <sbeaver@netgate.com>	2015-09-04 14:41:47 -0400
committer	Stephen Beaver <sbeaver@netgate.com>	2015-09-04 14:41:47 -0400
commit	6aef15f8cfa409d19e421bf2858667ca5de5026b (patch)
tree	70304862367b9f010577d70c1f9737b98a16d7d3 /src/usr/local/www/exec.php
parent	b7b8b6a311bd04c03e5bdd4741fffe74228d3be0 (diff)
download	pfsense-6aef15f8cfa409d19e421bf2858667ca5de5026b.zip pfsense-6aef15f8cfa409d19e421bf2858667ca5de5026b.tar.gz