From d31ca3363dcb7b243f71118744123a5ba71665cb Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 4 Feb 2014 12:33:29 -0200 Subject: Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir --- usr/local/www/crash_reporter.php | 8 ++++---- usr/local/www/diag_arp.php | 2 +- usr/local/www/diag_logs_vpn.php | 6 +++--- usr/local/www/diag_smart.php | 4 ++-- usr/local/www/firewall_aliases_edit.php | 6 +++--- usr/local/www/guiconfig.inc | 24 ++++++++++++------------ usr/local/www/interfaces.php | 2 +- usr/local/www/services_wol.php | 2 +- 8 files changed, 27 insertions(+), 27 deletions(-) (limited to 'usr') diff --git a/usr/local/www/crash_reporter.php b/usr/local/www/crash_reporter.php index d3146b8..853be0a 100755 --- a/usr/local/www/crash_reporter.php +++ b/usr/local/www/crash_reporter.php @@ -102,10 +102,10 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); if (gettext($_POST['Submit']) == "Yes") { echo gettext("Processing..."); if (!is_dir("/var/crash")) - mwexec("/bin/mkdir -p /var/crash"); + mkdir("/var/crash", 0750, true); @file_put_contents("/var/crash/crashreport_header.txt", $crash_report_header); if(file_exists("/tmp/PHP_errors.log")) - exec("cp /tmp/PHP_errors.log /var/crash/"); + copy("/tmp/PHP_errors.log", "/var/crash/"); exec("/usr/bin/gzip /var/crash/*"); $files_to_upload = glob("/var/crash/*"); echo "

"; @@ -114,7 +114,7 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); flush(); if(is_array($files_to_upload)) { $resp = upload_crash_report($files_to_upload); - exec("rm /var/crash/*"); + array_map('unlink', glob("/var/crash/*")); // Erase the contents of the PHP error log fclose(fopen("/tmp/PHP_errors.log", 'w')); echo "

"; @@ -124,7 +124,7 @@ exec("/usr/bin/grep -vi warning /tmp/PHP_errors.log", $php_errors); echo "Could not find any crash files."; } } else if(gettext($_POST['Submit']) == "No") { - exec("rm /var/crash/*"); + array_map('unlink', glob("rm /var/crash/*")); // Erase the contents of the PHP error log fclose(fopen("/tmp/PHP_errors.log", 'w')); Header("Location: /"); diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php index c24ca62..19f74f0 100755 --- a/usr/local/www/diag_arp.php +++ b/usr/local/www/diag_arp.php @@ -249,7 +249,7 @@ function _getHostName($mac,$ip) { else if ($dhcpip[$ip]) return $dhcpip[$ip]; else{ - exec("host -W 1 $ip", $output); + exec("host -W 1 " . escapeshellarg($ip), $output); if (preg_match('/.*pointer ([A-Za-z0-9.-]+)\..*/',$output[0],$matches)) { if ($matches[1] <> $ip) return $matches[1]; diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php index 7920306..715eb69 100755 --- a/usr/local/www/diag_logs_vpn.php +++ b/usr/local/www/diag_logs_vpn.php @@ -90,9 +90,9 @@ function dump_clog_vpn($logfile, $tail) { $logarr = ""; if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_reader " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | tail {$sor} -n " . $tail, $logarr); else - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . $tail, $logarr); foreach ($logarr as $logent) { $logent = preg_split("/\s+/", $logent, 6); @@ -191,4 +191,4 @@ include("head.inc"); - \ No newline at end of file + diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php index d7e8072..73f3405 100644 --- a/usr/local/www/diag_smart.php +++ b/usr/local/www/diag_smart.php @@ -85,7 +85,7 @@ function update_email($email) if(!empty($email)) { // Put it in the smartd.conf file - shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . $email . "/' /usr/local/etc/smartd.conf"); + shell_exec("/usr/bin/sed -i old 's/^DEVICESCAN.*/DEVICESCAN -H -m " . escapeshellarg($email) . "/' /usr/local/etc/smartd.conf"); } // Nope else @@ -98,7 +98,7 @@ function update_email($email) function smartmonctl($action) { global $start_script; - shell_exec($start_script . $action); + shell_exec($start_script . escapeshellarg($action)); } // What page, aka. action is being wanted diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index b2f3eb9..d92e145 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -73,7 +73,7 @@ if($_POST) // Debugging if($debug) - exec("rm -f {$g['tmp_path']}/alias_rename_log.txt"); + unlink("{$g['tmp_path']}/alias_rename_log.txt"); function alias_same_type($name, $type) { global $config; @@ -213,7 +213,7 @@ if ($_POST) { $temp_filename = tempnam("{$g['tmp_path']}/", "alias_import"); unlink($temp_filename); $verify_ssl = isset($config['system']['checkaliasesurlcert']); - mwexec("/bin/mkdir -p {$temp_filename}"); + mkdir($temp_filename); download_file($_POST['address' . $x], $temp_filename . "/aliases", $verify_ssl); /* if the item is tar gzipped then extract */ @@ -270,7 +270,7 @@ if ($_POST) { /* nothing was found */ $input_errors[] = sprintf(gettext("You must provide a valid URL. Could not fetch usable data from '%s'."), $_POST['address' . $x]); } - mwexec("/bin/rm -rf {$temp_filename}"); + mwexec("/bin/rm -rf " . escapeshellarg($temp_filename)); } else { $input_errors[] = sprintf(gettext("URL '%s' is not valid."), $_POST['address' . $x]); } diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index 1997ac5..9348dd3 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -553,9 +553,9 @@ function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = tru } else { $log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488"; if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_create -s {$log_size} {$logfile}"); + exec("/usr/sbin/fifolog_create -s {$log_size} " . escapeshellarg($logfile)); else - exec("/usr/sbin/clog -i -s {$log_size} {$logfile}"); + exec("/usr/sbin/clog -i -s {$log_size} " . escapeshellarg($logfile)); } if ($restart_syslogd) system_syslogd_start(); @@ -583,20 +583,20 @@ function dump_clog($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert $grepline = " "; if(is_array($grepfor)) foreach($grepfor as $agrep) - $grepline .= " | grep \"$agrep\""; + $grepline .= " | grep " . escapeshellarg($agrep); if(is_array($grepinvert)) foreach($grepinvert as $agrep) - $grepline .= " | grep -v \"$agrep\""; + $grepline .= " | grep -v " . escapeshellarg($agrep); if(file_exists($logfile) && filesize($logfile) == 0) { $logarr = array("Log file started."); } else { if($config['system']['disablesyslogclog']) { - exec("cat {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("cat " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } else { if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_reader {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); else - exec("/usr/sbin/clog {$logfile}{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/clog " . escapeshellarg($logfile) . "{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } } foreach ($logarr as $logent) { @@ -628,17 +628,17 @@ function return_clog($logfile, $tail, $withorig = true, $grepfor = "", $grepinve $grepline = " "; if(is_array($grepfor)) foreach($grepfor as $agrep) - $grepline .= " | grep \"$agrep\""; + $grepline .= " | grep " . escapeshellarg($agrep); if(is_array($grepinvert)) foreach($grepinvert as $agrep) - $grepline .= " | grep -v \"$agrep\""; + $grepline .= " | grep -v " . escapeshellarg($agrep); if($config['system']['disablesyslogclog']) { - exec("cat {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("cat " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } else { if(isset($config['system']['usefifolog'])) { - exec("/usr/sbin/fifolog_reader {$logfile}{$grepline} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } else { - exec("/usr/sbin/clog {$logfile}{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n {$tail}", $logarr); + exec("/usr/sbin/clog " . escapeshellarg($logfile) . "{$grepline}| grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr); } } return($logarr); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index bfea79d..8927d5b 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -1314,7 +1314,7 @@ function check_wireless_mode() { if (!interface_wireless_clone("{$wlanif}_", $wancfg)) { $input_errors[] = sprintf(gettext("Unable to change mode to %s. You may already have the maximum number of wireless clones supported in this mode."), $wlan_modes[$wancfg['wireless']['mode']]); } else { - mwexec("/sbin/ifconfig {$wlanif}_ destroy"); + mwexec("/sbin/ifconfig " . escapeshellarg($wlanif) . "_ destroy"); } $wancfg['wireless']['mode'] = $old_wireless_mode; } diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php index f60a792..6494a07 100755 --- a/usr/local/www/services_wol.php +++ b/usr/local/www/services_wol.php @@ -95,7 +95,7 @@ if ($_POST || $_GET['mac']) { else { $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if)); /* Execute wol command and check return code. */ - if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")) + if(!mwexec("/usr/local/bin/wol -i {$bcip} " . escapeshellarg($mac))) $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac); else $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'', '', $mac, ".
"); -- cgit v1.1