Project

General

Profile

Actions

Bug #3817

closed

Missing call to preg_quote at pkg-utils.inc:295

Added by Pablo Ruiz over 10 years ago. Updated about 10 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
-
Target version:
Start date:
08/19/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Hello,

While diagnosing an obscure error with haproxy-devel package, I've found that if a package contains a file with 'xml' (like axmlname.inc) on its name, get_pkg_depends will fail as it will incorrectly try to parse such a file as an xml.

The issue comes from a missiong preg_quote at https://github.com/pfsense/pfsense/blob/master/etc/inc/pkg-utils.inc#L295 which causes '${filetype}' to be passed 'as is' to preg_match. And thus when filetype=".xml" the dot wont get escaped and the match will accept anything with "any caracter" followed by 'xml'.

Actions

Also available in: Atom PDF