authorjim-p <jimp@pfsense.org>2016-01-26 09:24:14 -0500
committerjim-p <jimp@pfsense.org>2016-01-26 09:24:14 -0500
commit36cb313bb35d3d3e19ea121b8f8f1a679988d8d5 (patch)
tree332ddfc2312d36f63ac9ddea393b87cee9eb2cb5 /src
parent51f336510d4d21c4a69ccf9e8b8ae2107fe7ed06 (diff)
downloadpfsense-36cb313bb35d3d3e19ea121b8f8f1a679988d8d5.zip
pfsense-36cb313bb35d3d3e19ea121b8f8f1a679988d8d5.tar.gz
Fix validation of playback file passed to pfSsh.php. Fixes #5657
Diffstat (limited to 'src')
-rwxr-xr-xsrc/usr/local/sbin/pfSsh.php38
1 files changed, 26 insertions, 12 deletions
diff --git a/src/usr/local/sbin/pfSsh.php b/src/usr/local/sbin/pfSsh.php
index 8bfc909..367fa5e 100755
--- a/src/usr/local/sbin/pfSsh.php
+++ b/src/usr/local/sbin/pfSsh.php
@@ -162,19 +162,28 @@ function completion($string, $index) {
readline_completion_function("completion");
+function get_playback_files() {
+ $playback_files = array();
+ $files = scandir("/etc/phpshellsessions/");
+ foreach ($files as $file) {
+ if ($file <> "." and $file <> "..") {
+ $playback_files[] = $file;
+ }
+ }
+ return $playback_files;
+}
+
if ($argc < 2) {
echo "Welcome to the {$g['product_name']} developer shell\n";
echo "\nType \"help\" to show common usage scenarios.\n";
echo "\nAvailable playback commands:\n ";
- $files = scandir("/etc/phpshellsessions/");
$tccommands[] = "playback";
- foreach ($files as $file) {
- if ($file <> "." and $file <> "..") {
- echo $file . " ";
- if (function_exists("readline_add_history")) {
- readline_add_history("playback $file");
- $tccommands[] = "$file";
- }
+ $playback_files = get_playback_files();
+ foreach ($playback_files as $pbf) {
+ echo "{$pbf} ";
+ if (function_exists("readline_add_history")) {
+ readline_add_history("playback $file");
+ $tccommands[] = "$file";
}
}
echo "\n\n";
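Review bot: The rewritten loop iterates as `$pbf`, but the two lines inside the `function_exists("readline_add_history")` branch still reference `$file`, which is no longer assigned in this scope, so the history entry becomes `playback ` with no name and an empty string is pushed onto `$tccommands`. Change them to `readline_add_history("playback $pbf");` and `$tccommands[] = "$pbf";`. A secondary point in `get_playback_files()`: `scandir()` returns `false` when the directory is missing or unreadable, and the `foreach` then emits a warning; guarding with `if ($files === false) { return $playback_files; }` keeps the caller's list empty instead. The `if ($argc < 2)` block continues past the end of this hunk.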
@@ -185,11 +194,16 @@ $playback_file_split = array();
$playbackbuffer = "";
if ($argv[1]=="playback" or $argv[1]=="run") {
- if (!file_exists("/etc/phpshellsessions/{$argv[2]}")) {
- echo "Could not locate playback file.";
- exit;
+ if (empty($argv[2]) || !file_exists("/etc/phpshellsessions/" . basename($argv[2]))) {
+ echo "Error: Invalid playback file specified.\n\n";
+ echo "Valid playback files are:\n";
+ foreach (get_playback_files() as $pbf) {
+ echo "{$pbf} ";
+ }
+ echo "\n\n";
+ exit(-1);
}
- playback_file($argv[2]);
+ playback_file(basename($argv[2]));
exit;
}
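Review bot: `file_exists()` also returns true for directories, so a subdirectory name under `/etc/phpshellsessions/` still passes the new check and is handed to `playback_file()`; `is_file()` is the tighter test for a playback script. The `basename()` call is also evaluated twice, once in the check and once in the call, which invites the two drifting apart. Computing it once reads cleaner: `$pbf = basename($argv[2]);`, `if (empty($argv[2]) || !is_file("/etc/phpshellsessions/{$pbf}")) {` and `playback_file($pbf);`. Note that `empty($argv[2])` rejects a file literally named `0`, which is probably acceptable here but worth knowing.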