Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir

author: Renato Botelho <garga@FreeBSD.org> 2014-02-04 12:33:29 -0200
committer: Renato Botelho <garga@FreeBSD.org> 2014-02-04 12:34:42 -0200
commit: d31ca3363dcb7b243f71118744123a5ba71665cb (patch)
tree: d9478b15b7a4316a10b7a9b5d4a415c272285a1c /usr/local/www/diag_logs_vpn.php
parent: 39ed87e54d14af2603cc66e65ac5e13a9c9843b1 (diff)
download: pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.zip
pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php
index 7920306..715eb69 100755
--- a/usr/local/www/diag_logs_vpn.php
+++ b/usr/local/www/diag_logs_vpn.php
@@ -90,9 +90,9 @@ function dump_clog_vpn($logfile, $tail) {
 	$logarr = "";
 	
 	if(isset($config['system']['usefifolog'])) 
-		exec("/usr/sbin/fifolog_reader " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+		exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | tail {$sor} -n " . $tail, $logarr);
 	else 
-		exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+		exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . $tail, $logarr);
 
 	foreach ($logarr as $logent) {
 		$logent = preg_split("/\s+/", $logent, 6);
@@ -191,4 +191,4 @@ include("head.inc");
 </table>
 <?php include("fend.inc"); ?>
 </body>
-</html>
-\ No newline at end of file
+</html>
author	Renato Botelho <garga@FreeBSD.org>	2014-02-04 12:33:29 -0200
committer	Renato Botelho <garga@FreeBSD.org>	2014-02-04 12:34:42 -0200
commit	d31ca3363dcb7b243f71118744123a5ba71665cb (patch)
tree	d9478b15b7a4316a10b7a9b5d4a415c272285a1c /usr/local/www/diag_logs_vpn.php
parent	39ed87e54d14af2603cc66e65ac5e13a9c9843b1 (diff)
download	pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.zip pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.tar.gz