Bug #5780
closedphpservice.inc - variables between EOF not escaped.
0%
Description
make a long term short ..
37: - $tmp = <<<EOF
37: + $tmp = '
44: - filename = "/tmp/phpmonitor.pid";
44: + filename = '/tmp/phpmonitor.pid';
45: - $fp = fopen($filename, 'w');
45: + $fp = fopen($filename, "w");
68: - if (!file_exists('/tmp/phpmonitor.pid')) {
68: + if (!file_exists("/tmp/phpmonitor.pid")) {
72: - EOF;
72: + ';
87: - $tmp .= <<< EOF
87: + $tmp .= '
93: - EOF;
93: + ';
it dont work without this modification because the string varibales between EOF are not present in phpservice.php
testet on 2.2.4 and 2.2.6
please verify and pack it to to the repro :)
thanks
Files
Updated by Phillip Davis over 8 years ago
It will be easy to review if you edit the source code at https://github.com/pfsense/pfsense-packages/blob/master/config/phpservice/phpservice.inc and make a pull request.
Updated by Chris Buechler almost 8 years ago
- Status changed from New to Closed
package has been removed