From 3335f5d1bdc707ca814efc65c8f70bea9cac4498 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Mon, 21 Jan 2013 20:52:38 +0000
Subject: Use more secure file name for the operations to avoid issues

---
 usr/local/www/services_captiveportal_ip_edit.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 2b86051..88f1203 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -160,10 +160,11 @@ if ($_POST) {
 				$rules .= "pipe delete " . ($ipfw['dnpipe']+1);
 			}
 			$rules .= captiveportal_allowedip_configure_entry($ip);
-			@file_put_contents("{$g['tmp_path']}/{$cpzone}_allowedip_tmp{$id}", $rules);
+			$uniqid = uniq_id("{$cpzone}_allowed");
+			@file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules);
 			captiveportal_ipfw_set_context($cpzone);
-			mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$cpzone}_allowedip_tmp{$id}");
-			@unlink("{$g['tmp_path']}/{$cpzone}_allowedip_tmp{$id}");
+			mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp");
+			@unlink("{$g['tmp_path']}/{$uniqid}_tmp");
 		}
 		
 		header("Location: services_captiveportal_ip.php?zone={$cpzone}");
-- 
cgit v1.1