From 873c1701a8934ac9a10284fe794eb86db1cead68 Mon Sep 17 00:00:00 2001
From: Renato Botelho <garga@FreeBSD.org>
Date: Mon, 3 Feb 2014 14:55:01 -0200
Subject: Add escapeshellarg() calls on exec parameters. While I'm here,
 replace some exec() calls by php functions like symlink, copy, unlink, mkdir

---
 etc/inc/openvpn.inc | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'etc/inc/openvpn.inc')

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 509089b..c9f67d5 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -420,13 +420,13 @@ function openvpn_reconfigure($mode, $settings) {
 
 		/* create the tap device if required */
 		if (!file_exists("/dev/{$tunname}"))
-			exec("/sbin/ifconfig {$tunname} create");
+			exec("/sbin/ifconfig " . escapeshellarg($tunname) . " create");
 
 		/* rename the device */
-		mwexec("/sbin/ifconfig {$tunname} name {$devname}");
+		mwexec("/sbin/ifconfig " . escapeshellarg($tunname) . " name " . escapeshellarg($devname));
 
 		/* add the device to the openvpn group */
-		mwexec("/sbin/ifconfig {$devname} group openvpn");
+		mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " group openvpn");
 	}
 
 	$pfile = $g['varrun_path'] . "/openvpn_{$mode_id}.pid";
@@ -809,7 +809,7 @@ function openvpn_restart($mode, $settings) {
 	/* start the new process */
 	$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
 	openvpn_clear_route($mode, $settings);
-	mwexec_bg("/usr/local/sbin/openvpn --config {$fpath}");
+	mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
 
 	if (!$g['booting'])
 		send_event("filter reload");
@@ -845,13 +845,13 @@ function openvpn_delete($mode, & $settings) {
 	}
 
 	/* remove the device from the openvpn group */
-	mwexec("/sbin/ifconfig {$devname} -group openvpn");
+	mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " -group openvpn");
 
 	/* restore the original adapter name */
-	mwexec("/sbin/ifconfig {$devname} name {$tunname}");
+	mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " name " . escapeshellarg($tunname));
 
 	/* remove the configuration files */
-	mwexec("/bin/rm {$g['varetc_path']}/openvpn/{$mode_id}.*");
+	array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*"));
 }
 
 function openvpn_cleanup_csc($common_name) {
-- 
cgit v1.1