mvc: this looks unsafe, adapt to what exec_safe() is doing

Franco Fichtner 2018-04-25 11:15:46 +02:00
parent b2b926d7ad
commit a65b09f051


@ -1,8 +1,7 @@
<?php
/**
/*
* Copyright (C) 2015 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -25,8 +24,8 @@
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Core;
use Phalcon\Logger\Adapter\Syslog;
@ -142,9 +141,13 @@ class Backend
*/
public function configdpRun($event, $params = array(), $detach = false, $timeout = 120)
{
if (!is_array($params)) {
/* just in case there's only one parameter */
$params = array($params);
}
foreach ($params as $param) {
// quote parameters
$event .= ' "' . str_replace('"', '\\"', $param) . '"';
$event .= ' ' . escapeshellarg($param);
}
return $this->configdRun($event, $detach, $timeout);
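Review bot: In the `foreach` of `configdpRun()`, only the parameters go through `escapeshellarg()`, while `$event` still reaches `configdRun()` unescaped, so the method is safe only if callers pass a fixed action name there. The docblock should state that contract, for example `@param string $event fixed configd action name, never built from request data`. `escapeshellarg()` expects a string, so a nested array or null element in `$params` is coerced or rejected depending on the PHP version; a guard such as `if (!is_scalar($param)) { throw new \InvalidArgumentException('configd parameters must be scalar'); }` before the append would make that deterministic. The single-quoted output presumably matches how the configd side tokenises its input, but that parser is not visible here, so confirm it, including how a newline inside a parameter is handled. The function's closing brace lies outside the hunk.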