https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162017-02-07T13:40:06ZpfSense bugtrackerpfSense - Bug #7230: wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassedhttps://redmine.pfsense.org/issues/7230?journal_id=311702017-02-07T13:40:06ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Rather than setting the value directly, minimize exposure to eval() in update_config_field() from..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/5baea4da88fd6c093582d9c3e9b67cce5d6a1013">5baea4da88fd6c093582d9c3e9b67cce5d6a1013</a>.</p> pfSense - Bug #7230: wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassedhttps://redmine.pfsense.org/issues/7230?journal_id=312032017-02-07T20:34:33ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Fixed</p> pfSense - Bug #7230: wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassedhttps://redmine.pfsense.org/issues/7230?journal_id=312902017-02-10T10:20:57ZJim Pingle
<ul><li><strong>Target version</strong> changed from <i>2.4.0</i> to <i>2.3.3</i></li></ul> pfSense - Bug #7230: wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassedhttps://redmine.pfsense.org/issues/7230?journal_id=322912017-03-21T08:35:58ZJim Pingle
<ul><li><strong>Private</strong> changed from <i>Yes</i> to <i>No</i></li></ul> pfSense - Bug #7230: wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassedhttps://redmine.pfsense.org/issues/7230?journal_id=322922017-03-21T08:36:25ZJim Pingle
<ul><li><strong>Private</strong> changed from <i>No</i> to <i>Yes</i></li></ul> pfSense - Bug #7230: wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassedhttps://redmine.pfsense.org/issues/7230?journal_id=322982017-03-21T09:07:54ZJim Pingle
<ul><li><strong>Private</strong> changed from <i>Yes</i> to <i>No</i></li></ul>