summaryrefslogtreecommitdiffstats
path: root/etc/inc/captiveportal.inc
diff options
context:
space:
mode:
Diffstat (limited to 'etc/inc/captiveportal.inc')
-rw-r--r--etc/inc/captiveportal.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index c3b72e4..78a70a2 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -1478,7 +1478,7 @@ function captiveportal_get_dn_passthru_ruleno($value) {
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
unset($output);
- $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/awk '{print $5}' | /usr/bin/head -n 1", $output);
+ $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep " . escapeshellarg($value) . " | /usr/bin/grep -v grep | /usr/bin/awk '{print $5}' | /usr/bin/head -n 1", $output);
$ruleno = intval($output[0]);
if (!$rules[$ruleno])
$ruleno = NULL;
@@ -1566,7 +1566,7 @@ function captiveportal_get_ipfw_passthru_ruleno($value) {
if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules"));
unset($output);
- $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/awk '{print $1}' | /usr/bin/head -n 1", $output);
+ $_gb = exec("/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep " . escapeshellarg($value) . " | /usr/bin/grep -v grep | /usr/bin/awk '{print $1}' | /usr/bin/head -n 1", $output);
$ruleno = intval($output[0]);
if (!$rules[$ruleno])
$ruleno = NULL;
OpenPOWER on IntegriCloud