diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 09:40:06 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 09:40:27 -0300 |
| commit | 45438fd3fd14a76491f633bf9d34bc239cabb876 (patch) | |
| tree | c202120211fdcd18a6c3d4df7a7035e2b63cd5dc /usr | |
| parent | 76c4ff0ecf269272aad3a6f06942596d2f0ab9ff (diff) | |
| download | pfsense-45438fd3fd14a76491f633bf9d34bc239cabb876.zip pfsense-45438fd3fd14a76491f633bf9d34bc239cabb876.tar.gz | |
Escape parameters passed to shell_exec()
Diffstat (limited to 'usr')
| -rw-r--r-- | usr/local/pkg/openntpd.inc | 2 | ||||
| -rw-r--r-- | usr/local/www/diag_smart.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/pkg/openntpd.inc b/usr/local/pkg/openntpd.inc index c4914b8..dcbb50a 100644 --- a/usr/local/pkg/openntpd.inc +++ b/usr/local/pkg/openntpd.inc @@ -21,7 +21,7 @@ EOD; function openntpd_get_iface_ip($iface) { $iface = convert_friendly_interface_to_real_interface_name($iface); - $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + $line = trim(shell_exec("ifconfig " . escapeshellarg($iface) . " | grep inet | grep -v inet6")); list($dummy, $ip, $dummy2, $dummy3) = explode(' ', $line); return $ip; diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php index f024589..2cbc60b 100644 --- a/usr/local/www/diag_smart.php +++ b/usr/local/www/diag_smart.php @@ -85,7 +85,7 @@ function update_email($email) if(!empty($email)) { // Put it in the smartd.conf file - shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . $email . "/' /usr/local/etc/smartd.conf"); + shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . escapeshellarg($email) . "/' /usr/local/etc/smartd.conf"); } // Nope else |
