diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:33:29 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-04 12:34:42 -0200 |
commit | d31ca3363dcb7b243f71118744123a5ba71665cb (patch) | |
tree | d9478b15b7a4316a10b7a9b5d4a415c272285a1c /usr/local/www/guiconfig.inc | |
parent | 39ed87e54d14af2603cc66e65ac5e13a9c9843b1 (diff) | |
download | pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.zip pfsense-d31ca3363dcb7b243f71118744123a5ba71665cb.tar.gz |
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Diffstat (limited to 'usr/local/www/guiconfig.inc')
-rwxr-xr-x | usr/local/www/guiconfig.inc | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 1997ac5..9348dd3 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -553,9 +553,9 @@ function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = tru } else { $log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488"; if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_create -s {$log_size} {$logfile}"); + exec("/usr/sbin/fifolog_create -s {$log_size} " . escapeshellarg($logfile)); else - exec("/usr/sbin/clog -i -s {$log_size} {$logfile}"); + exec("/usr/sbin/clog -i -s {$log_size} " . escapeshellarg($logfile)); } if ($restart_syslogd) system_syslogd_start(); @@ -583,20 +583,20 @@ function dump_clog($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert $grepline = " "; if(is_array($grepfor)) foreach($grepfor as $agrep) - $grepline .= " | grep \"$agrep\""; + $grepline .= " | grep " . escapeshellarg($agrep); if(is_array($grepinvert)) foreach($grepinvert as $agrep) - $grepline .= " | grep -v \"$agrep\""; + $grepline .= " | grep -v " . escapeshellarg($agrep); if(file_exists($logfile) && filesize($logfile) == 0) { $logarr = array("Log file started."); } else { if($config['system']['disablesyslogclog']) { - exec("cat {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("cat " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } else { if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_reader {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); else - exec("/usr/sbin/clog {$logfile}{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/clog " . escapeshellarg($logfile) . "{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } } foreach ($logarr as $logent) { @@ -628,17 +628,17 @@ function return_clog($logfile, $tail, $withorig = true, $grepfor = "", $grepinve $grepline = " "; if(is_array($grepfor)) foreach($grepfor as $agrep) - $grepline .= " | grep \"$agrep\""; + $grepline .= " | grep " . escapeshellarg($agrep); if(is_array($grepinvert)) foreach($grepinvert as $agrep) - $grepline .= " | grep -v \"$agrep\""; + $grepline .= " | grep -v " . escapeshellarg($agrep); if($config['system']['disablesyslogclog']) { - exec("cat {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("cat " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } else { if(isset($config['system']['usefifolog'])) { - exec("/usr/sbin/fifolog_reader {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } else { - exec("/usr/sbin/clog {$logfile}{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/clog " . escapeshellarg($logfile) . "{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } } return($logarr); |