diff options
author | Ermal <eri@pfsense.org> | 2013-01-21 20:52:38 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-01-21 20:52:38 +0000 |
commit | 3335f5d1bdc707ca814efc65c8f70bea9cac4498 (patch) | |
tree | 5ef20149ab402d5b15b8c7fbf329db8292cc10cc /usr/local/www | |
parent | 4734474e0bdc8cfb44a93f81deb4599de2c1dc19 (diff) | |
download | pfsense-3335f5d1bdc707ca814efc65c8f70bea9cac4498.zip pfsense-3335f5d1bdc707ca814efc65c8f70bea9cac4498.tar.gz |
Use more secure file name for the operations to avoid issues
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/services_captiveportal_ip_edit.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 2b86051..88f1203 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -160,10 +160,11 @@ if ($_POST) { $rules .= "pipe delete " . ($ipfw['dnpipe']+1); } $rules .= captiveportal_allowedip_configure_entry($ip); - @file_put_contents("{$g['tmp_path']}/{$cpzone}_allowedip_tmp{$id}", $rules); + $uniqid = uniq_id("{$cpzone}_allowed"); + @file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); captiveportal_ipfw_set_context($cpzone); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$cpzone}_allowedip_tmp{$id}"); - @unlink("{$g['tmp_path']}/{$cpzone}_allowedip_tmp{$id}"); + mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp"); + @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); } header("Location: services_captiveportal_ip.php?zone={$cpzone}"); |