Use more secure file name for the operations to avoid issues

2 files changed, 5 insertions, 4 deletions

diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 88f1203..0130e35 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -160,7 +160,7 @@ if ($_POST) {
 				$rules .= "pipe delete " . ($ipfw['dnpipe']+1);
 			}
 			$rules .= captiveportal_allowedip_configure_entry($ip);
-			$uniqid = uniq_id("{$cpzone}_allowed");
+			$uniqid = uniqid("{$cpzone}_allowed");
 			@file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules);
 			captiveportal_ipfw_set_context($cpzone);
 			mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp");
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index 7e31f42..b0e1ebb 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -156,10 +156,11 @@ if ($_POST) {
 			}
 			
 			$rules .= captiveportal_passthrumac_configure_entry($mac);
-			file_put_contents("{$g['tmp_path']}/{$cpzone}_tmpmacedit{$id}", $rules);
+			$uniqid = uniqid("{$cpzone}_macedit");
+			file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules);
 			captiveportal_ipfw_set_context($cpzone);
-			mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$cpzone}_tmpmacedit{$id}");
-			@unlink("{$g['tmp_path']}/{$cpzone}_tmpmacedit{$id}");
+			mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp");
+			@unlink("{$g['tmp_path']}/{$uniqid}_tmp");
 		}
 
 		header("Location: services_captiveportal_mac.php?zone={$cpzone}");