author | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:33:29 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:34:42 -0200 |
commit | d31ca3363dcb7b243f71118744123a5ba71665cb (patch) | |
tree | d9478b15b7a4316a10b7a9b5d4a415c272285a1c /usr/local/www/firewall_aliases_edit.php | |
parent | 39ed87e54d14af2603cc66e65ac5e13a9c9843b1 (diff) | |
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Diffstat (limited to 'usr/local/www/firewall_aliases_edit.php')
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index b2f3eb9..d92e145 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -73,7 +73,7 @@ if($_POST) // Debugging if($debug)
- exec("rm -f {$g['tmp_path']}/alias_rename_log.txt");
+ unlink("{$g['tmp_path']}/alias_rename_log.txt");
 function alias_same_type($name, $type) { global $config;
@@ -213,7 +213,7 @@ if ($_POST) { $temp_filename = tempnam("{$g['tmp_path']}/", "alias_import"); unlink($temp_filename); $verify_ssl = isset($config['system']['checkaliasesurlcert']);
- mwexec("/bin/mkdir -p {$temp_filename}");
+ mkdir($temp_filename);
 download_file($_POST['address' . $x], $temp_filename . "/aliases", $verify_ssl); /* if the item is tar gzipped then extract */
@@ -270,7 +270,7 @@ if ($_POST) { /* nothing was found */ $input_errors[] = sprintf(gettext("You must provide a valid URL. Could not fetch usable data from '%s'."), $_POST['address' . $x]); }
- mwexec("/bin/rm -rf {$temp_filename}");
+ mwexec("/bin/rm -rf " . escapeshellarg($temp_filename));
 } else { $input_errors[] = sprintf(gettext("URL '%s' is not valid."), $_POST['address' . $x]); } |
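Review bot: In the `@@ -73,7` hunk, `unlink()` is not a drop-in replacement for `rm -f`: when `alias_rename_log.txt` does not exist it returns false and raises an E_WARNING, where `rm -f` stayed silent. The call appears to run whenever `$debug` is set, so the first request after a clean start would log or print that warning. Guard the call instead of suppressing the warning, e.g. `$log = "{$g['tmp_path']}/alias_rename_log.txt";` followed by `if (file_exists($log)) unlink($log);`. The surrounding `if($_POST)` block starts outside the hunk.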
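Review bot: In the `@@ -213,7` hunk, the result of `mkdir($temp_filename)` is never checked, and the call relies on the default mode (0777 filtered by the umask). The name is released by `unlink($temp_filename)` two lines earlier, so if anything else creates that path in `{$g['tmp_path']}` first, `mkdir()` fails, where `mkdir -p` would have silently accepted an existing directory. `download_file()` then still writes `$temp_filename . "/aliases"` into a directory this script did not create. Create it privately and stop on failure: `if (!mkdir($temp_filename, 0700)) { $input_errors[] = gettext("Could not create temporary directory."); }`, with the download and extraction moved under the success branch. The enclosing loop and the extraction code lie outside the hunk, so the exact control flow needs checking against the full file.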