diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:33:29 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:34:42 -0200 |
commit | d31ca3363dcb7b243f71118744123a5ba71665cb (patch) | |
tree | d9478b15b7a4316a10b7a9b5d4a415c272285a1c /usr/local/www/crash_reporter.php | |
parent | 39ed87e54d14af2603cc66e65ac5e13a9c9843b1 (diff) | |
download | pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.zip pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.tar.gz |
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Diffstat (limited to 'usr/local/www/crash_reporter.php')
-rwxr-xr-x | usr/local/www/crash_reporter.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/crash_reporter.php b/usr/local/www/crash_reporter.php index d3146b8..853be0a 100755 --- a/usr/local/www/crash_reporter.php +++ b/usr/local/www/crash_reporter.php @@ -102,10 +102,10 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); if (gettext($_POST['Submit']) == "Yes") { echo gettext("Processing..."); if (!is_dir("/var/crash")) - mwexec("/bin/mkdir -p /var/crash"); + mkdir("/var/crash", 0750, true); @file_put_contents("/var/crash/crashreport_header.txt", $crash_report_header); if(file_exists("/tmp/PHP_errors.log")) - exec("cp /tmp/PHP_errors.log /var/crash/"); + copy("/tmp/PHP_errors.log", "/var/crash/"); exec("/usr/bin/gzip /var/crash/*"); $files_to_upload = glob("/var/crash/*"); echo "<p/>"; @@ -114,7 +114,7 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); flush(); if(is_array($files_to_upload)) { $resp = upload_crash_report($files_to_upload); - exec("rm /var/crash/*"); + array_map('unlink', glob("/var/crash/*")); // Erase the contents of the PHP error log fclose(fopen("/tmp/PHP_errors.log", 'w')); echo "<p/>"; @@ -124,7 +124,7 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); echo "Could not find any crash files."; } } else if(gettext($_POST['Submit']) == "No") { - exec("rm /var/crash/*"); + array_map('unlink', glob("rm /var/crash/*")); // Erase the contents of the PHP error log fclose(fopen("/tmp/PHP_errors.log", 'w')); Header("Location: /"); |