authorjim-p <jimp@pfsense.org>2016-06-09 10:05:40 -0400
committerjim-p <jimp@pfsense.org>2016-06-09 10:05:40 -0400
commit1929acf18ff249f76ef00d2bfacd772397d01634 (patch)
treeb3fe85f5d5e35583198a67152b4829cf3eddba52 /src
parentb2267ff9d2f1df9dbe1603276c7c67b1ec7ee324 (diff)
Use escapeshellarg on shell calls in auth.inc. Ticket #6475
Diffstat (limited to 'src')
-rw-r--r--src/etc/inc/auth.inc28
1 files changed, 18 insertions, 10 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 5731c84..46f9fba 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -425,7 +425,7 @@ function local_sync_accounts() {
* can cause issues. Just remove crontab before run it when necessary
*/
unlink_if_exists("/var/cron/tabs/{$line[0]}");
- $cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";
+ $cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($line[0]);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
}
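Review bot: The unlink_if_exists() call two lines above the new escapeshellarg() still interpolates $line[0] straight into the path "/var/cron/tabs/{$line[0]}", and shell quoting does nothing for a filesystem path. If $line[0] can ever contain `/` or `..` (it presumably comes from a parsed passwd entry earlier in local_sync_accounts(), outside this hunk, so this may be impossible in practice) the unlink would reach outside the crontab directory; a cheap guard is `if ($line[0] !== basename($line[0])) { continue; }` before the unlink. local_sync_accounts() starts before and continues after this hunk.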
@@ -449,7 +449,7 @@ function local_sync_accounts() {
if ($line[2] > 65000) {
continue;
}
- $cmd = "/usr/sbin/pw groupdel -g {$line[2]}";
+ $cmd = "/usr/sbin/pw groupdel -g " . escapeshellarg($line[2]);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
}
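Review bot: escapeshellarg() on $line[2] stops shell injection but does not ensure that what reaches `pw groupdel -g` is actually a GID, even though the comparison `$line[2] > 65000` a few lines above already treats the value as a number. Casting gives the stricter guarantee at no cost, `$cmd = "/usr/sbin/pw groupdel -g " . (int)$line[2];`, or the loop could `continue` when `ctype_digit($line[2])` is false. Where $line[2] is parsed from is outside this hunk, so how trusted it is cannot be judged here.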
@@ -557,9 +557,14 @@ function local_user_set(& $user) {
$comment = str_replace(array(":", "!", "@"), " ", $user['descr']);
/* add or mod pw db */
- $cmd = "/usr/sbin/pw {$user_op} -q -u {$user_uid} -n {$user_name}".
- " -g {$user_group} -s {$user_shell} -d {$user_home}".
- " -c ".escapeshellarg($comment)." -H 0 2>&1";
+ $cmd = "/usr/sbin/pw {$user_op} -q " .
+ " -u " . escapeshellarg($user_uid) .
+ " -n " . escapeshellarg($user_name) .
+ " -g " . escapeshellarg($user_group) .
+ " -s " . escapeshellarg($user_shell) .
+ " -d " . escapeshellarg($user_home) .
+ " -c " . escapeshellarg($comment) .
+ " -H 0 2>&1";
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
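Review bot: $user_op and $user_uid are the two values in the rebuilt command that are not pinned to an expected form: $user_op is interpolated raw and $user_uid, which `-u` expects to be numeric, is only shell-quoted. Both are assigned earlier in local_user_set(), outside this hunk, so if $user_op is always one of the fixed "useradd"/"usermod" strings this is only a defence-in-depth remark; `" -u " . (int)$user_uid .` would at least force the uid to an integer. A short comment above the command, e.g. `/* every argument is shell-quoted; the password hash is presumably supplied on fd 0 via -H 0 rather than on the command line */`, would tell the next reader why -H 0 is there and why logging $cmd under $debug below does not leak the hash.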
@@ -593,7 +598,7 @@ function local_user_set(& $user) {
}
$un = $lock_account ? "" : "un";
- exec("/usr/sbin/pw {$un}lock {$user_name} -q 2>/dev/null");
+ exec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q 2>/dev/null");
conf_mount_ro();
}
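Review bot: The exit status of the `pw lock`/`pw unlock` exec() on the new line is discarded and stderr is sent to /dev/null, so a failed lock leaves an account that should be disabled still enabled with no log entry, which is the fail-open direction. Capturing the status keeps the behaviour but makes the failure visible: `exec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q 2>/dev/null", $out, $rc);` followed by `if ($rc != 0) { log_error(sprintf(gettext("pw %slock failed for user %s"), $un, $user_name)); }`. Note also that escapeshellarg() only protects the shell; $user_name is passed positionally, so a name beginning with `-` would be handed to pw's option parser rather than treated as the user — whether such names can reach here depends on validation outside this hunk. local_user_set() begins before the hunk.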
@@ -621,7 +626,7 @@ function local_user_del($user) {
}
/* delete from pw db */
- $cmd = "/usr/sbin/pw userdel -n {$user['name']} {$rmhome}";
+ $cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($user['name']) . " " . escapeshellarg($rmhome);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
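Review bot: escapeshellarg($rmhome) on the new line changes what pw receives when $rmhome is empty: escapeshellarg('') yields `''`, so the command becomes `pw userdel -n NAME ''` with an extra empty positional argument, whereas the old string appended nothing. $rmhome is set earlier in local_user_del(), outside this hunk, and presumably holds either a fixed flag such as `-r` or an empty string; whether pw tolerates the stray empty argument is not something the diff shows, so it should be checked by deleting a user whose home directory is kept. Appending the flag only when present avoids the question: `$cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($user['name']) . ($rmhome !== "" ? " " . escapeshellarg($rmhome) : "");`.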
@@ -769,14 +774,17 @@ function local_group_set($group, $reset = false) {
}
/* determine add or mod */
- if (mwexec("/usr/sbin/pw groupshow -g {$group_gid} 2>&1", true) == 0) {
+ if (mwexec("/usr/sbin/pw groupshow -g " . escapeshellarg($group_gid) . " 2>&1", true) == 0) {
$group_op = "groupmod -l";
} else {
$group_op = "groupadd -n";
}
/* add or mod group db */
- $cmd = "/usr/sbin/pw {$group_op} {$group_name} -g {$group_gid} -M '{$group_members}' 2>&1";
+ $cmd = "/usr/sbin/pw {$group_op} " .
+ escapeshellarg($group_name) .
+ " -g " . escapeshellarg($group_gid) .
+ " -M " . escapeshellarg($group_members) . " 2>&1";
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
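Review bot: $group_gid is used twice in this hunk, in the `pw groupshow -g` probe and in the `-g` argument of the add/mod command, and is only shell-quoted although both sites expect an integer; `(int)$group_gid` at both places would guarantee that and mirrors the numeric treatment of the gid in local_sync_accounts() above. Quoting $group_members as a single `-M` argument is correct since pw takes a comma-separated list, but a member name that itself contains a comma would still be split by pw — that is a property of the pw interface rather than of this change. $group_gid and $group_members are built above the hunk, so their provenance cannot be judged from here.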
@@ -789,7 +797,7 @@ function local_group_del($group) {
global $debug;
/* delete from group db */
- $cmd = "/usr/sbin/pw groupdel {$group['name']}";
+ $cmd = "/usr/sbin/pw groupdel " . escapeshellarg($group['name']);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
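Review bot: escapeshellarg() protects the shell here, but the group name is still passed to pw as a positional argument, and pw's option parser treats anything beginning with `-` as an option, so a name such as `-g0` would presumably be read as `-g 0` rather than as the group to delete. Whether names starting with `-` can exist depends on validation outside this hunk, but passing the name through the flag removes the ambiguity and matches the `pw userdel -n` form used in local_user_del() above: `$cmd = "/usr/sbin/pw groupdel -n " . escapeshellarg($group['name']);`. local_group_del() continues past the hunk.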