Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir

Conflicts: usr/local/www/diag_logs_vpn.php usr/local/www/firewall_aliases_edit.php usr/local/www/guiconfig.inc
author: Renato Botelho <garga@FreeBSD.org> 2014-02-04 12:33:29 -0200
committer: Renato Botelho <garga@FreeBSD.org> 2014-02-04 12:47:20 -0200
commit: 1eb03024fe15fcd8cdd20f32a9ba7c7f1fb75821 (patch)
tree: 6c5186c0184447c633776c795c3f10553e3c3876 /usr/local/www/diag_arp.php
parent: 46b12609e51b9b3113abc9c22a1b0ad5a2b37d11 (diff)
download: pfsense-1eb03024fe15fcd8cdd20f32a9ba7c7f1fb75821.zip
pfsense-1eb03024fe15fcd8cdd20f32a9ba7c7f1fb75821.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php
index c24ca62..19f74f0 100755
--- a/usr/local/www/diag_arp.php
+++ b/usr/local/www/diag_arp.php
@@ -249,7 +249,7 @@ function _getHostName($mac,$ip) {
 	else if ($dhcpip[$ip])
 		return $dhcpip[$ip];
 	else{
-		exec("host -W 1 $ip", $output);
+		exec("host -W 1 " . escapeshellarg($ip), $output);
 		if (preg_match('/.*pointer ([A-Za-z0-9.-]+)\..*/',$output[0],$matches)) {
 			if ($matches[1] <> $ip)
 				return $matches[1];
author	Renato Botelho <garga@FreeBSD.org>	2014-02-04 12:33:29 -0200
committer	Renato Botelho <garga@FreeBSD.org>	2014-02-04 12:47:20 -0200
commit	1eb03024fe15fcd8cdd20f32a9ba7c7f1fb75821 (patch)
tree	6c5186c0184447c633776c795c3f10553e3c3876 /usr/local/www/diag_arp.php
parent	46b12609e51b9b3113abc9c22a1b0ad5a2b37d11 (diff)
download	pfsense-1eb03024fe15fcd8cdd20f32a9ba7c7f1fb75821.zip pfsense-1eb03024fe15fcd8cdd20f32a9ba7c7f1fb75821.tar.gz