Project

General

Profile

Actions
Copy link

Bug #5780

closed

phpservice.inc - variables between EOF not escaped.

Added by Christian Lackstaetter over 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
01/18/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

make a long term short ..

37: - $tmp = <<<EOF
37: + $tmp = '
44: - filename = "/tmp/phpmonitor.pid";
44: + filename = '/tmp/phpmonitor.pid';
45: - $fp = fopen($filename, 'w');
45: + $fp = fopen($filename, "w");
68: - if (!file_exists('/tmp/phpmonitor.pid')) {
68: + if (!file_exists("/tmp/phpmonitor.pid")) {
72: - EOF;
72: + ';
87: - $tmp .= <<< EOF
87: + $tmp .= '
93: - EOF;
93: + ';

it dont work without this modification because the string varibales between EOF are not present in phpservice.php
testet on 2.2.4 and 2.2.6

please verify and pack it to to the repro :)

thanks

Files

phpservice.inc (3.55 KB) phpservice.inc my working version Christian Lackstaetter, 01/18/2016 01:01 PM
Actions
Copy link
 #1

Updated by Phillip Davis over 8 years ago

It will be easy to review if you edit the source code at https://github.com/pfsense/pfsense-packages/blob/master/config/phpservice/phpservice.inc and make a pull request.

Actions
Copy link
 #2

Updated by Chris Buechler almost 8 years ago

  • Status changed from New to Closed

package has been removed

Actions
Copy link

Also available in: Atom PDF