diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-13 21:54:28 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-13 21:54:28 +0000 |
commit | 677e088005c02c4c810d97af68bc0eee25207d1a (patch) | |
tree | 60fa967907d767610bb7cf6b9203c3fc583e2b8b /usr | |
parent | a1f1ebb44a5fc2d0fff1149f831e0071ad7a3cc9 (diff) | |
download | pfsense-677e088005c02c4c810d97af68bc0eee25207d1a.zip pfsense-677e088005c02c4c810d97af68bc0eee25207d1a.tar.gz |
Use php_check_syntax on code before eval()
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 912b8e5..50a2f99 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -383,11 +383,14 @@ foreach ($packages_to_install as $id) { if($menu['url'] <> "") { // override $myurl for script. $toeval = "\$myurl = \"" . getenv("HTTP_HOST") . "\"; \n"; - eval($toeval); + $error_message = ""; + if(php_check_syntax($toeval, $error_message) == false) + eval($toeval); // eval url so that above $myurl item can be processed if need be. $urltmp = $menu['url']; $toeval = "\$url = \"" . $urltmp . "\"; \n"; - eval($toeval); + if(php_check_syntax($toeval, $error_message) == false) + eval($toeval); fwrite($fd, $url . "\n"); } else { $xml = ""; @@ -419,11 +422,14 @@ foreach ($packages_to_install as $id) { if($package_conf['custom_php_install_command']) { update_status("Executing post install commands...\n"); fwrite($fd_log, "Executing post install commands...\n"); + $error_message = ""; if($package_conf['custom_php_command_before_form'] <> "") - eval($package_conf['custom_php_command_before_form']); + if(php_check_syntax($package_conf['custom_php_command_before_form'], $error_message) == false) + eval($package_conf['custom_php_command_before_form']); $pb_percent += 50; update_progress_bar(50); - eval($package_conf['custom_php_install_command']); + if(php_check_syntax($package_conf['custom_php_install_command'], $error_message) == false) + eval($package_conf['custom_php_install_command']); } $pb_percent += 10; |