diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2008-07-15 22:28:35 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2008-07-15 22:28:35 +0000 |
commit | edb2662cbbfec2e1ce4ae683ed2868e1f2175f39 (patch) | |
tree | 2840f5ab50141d98a8aa1c6ae59b524c10ed29f1 | |
parent | b3b190cab5ebc835ab3d6d34941844b8da23f574 (diff) | |
download | pfsense-packages-edb2662cbbfec2e1ce4ae683ed2868e1f2175f39.tar.gz pfsense-packages-edb2662cbbfec2e1ce4ae683ed2868e1f2175f39.tar.bz2 pfsense-packages-edb2662cbbfec2e1ce4ae683ed2868e1f2175f39.zip |
Cleanup a bit.
-rw-r--r-- | packages/spamd_db.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php index 10cf7a26..5acc093f 100644 --- a/packages/spamd_db.php +++ b/packages/spamd_db.php @@ -35,7 +35,7 @@ if($_POST['filter']) if($_POST['not']) $not = true; if($_POST['limit']) - $limit = $_POST['limit']; + $limit = intval($_POST['limit']); else $limit = "25"; @@ -321,12 +321,12 @@ if (typeof getURL == 'undefined') { if($filter) { if($not) { $fd = fopen("/tmp/spamdb", "w"); - $cmd = "/usr/local/sbin/spamdb | grep -v \"" . $filter . "\" | tail -n {$limit}"; + $cmd = "/usr/local/sbin/spamdb | grep -v \"" . escapeshellarg($filter) . "\" | tail -n {$limit}"; fwrite($fd, $cmd); fclose($fd); $pkgdb = split("\n", `$cmd`); if(file_exists("/var/db/blacklist.txt")) { - $cmd = "cat /var/db/blacklist.txt | grep -v \"" . $filter . "\" "; + $cmd = "cat /var/db/blacklist.txt | grep -v \"" . escapeshellarg($filter) . "\" "; $pkgdba = split("\n", `$cmd`); foreach($pkgdba as $pkg) { $pkgdb[] = "TRAPPED|{$pkg}|1149324397"; @@ -334,11 +334,11 @@ if (typeof getURL == 'undefined') { } } else { - $cmd = "/usr/local/sbin/spamdb | grep \"{$filter}\" | tail -n {$limit}"; + $cmd = "/usr/local/sbin/spamdb | grep " . escapeshellarg($filter) . " | tail -n {$limit}"; $pkgdb = split("\n", `$cmd`); if(file_exists("/var/db/blacklist.txt")) { - $cmd = "cat /var/db/blacklist.txt | grep \"{$filter}\" "; + $cmd = "cat /var/db/blacklist.txt | grep " . escapeshellarg($filter); $pkgdba = split("\n", `$cmd`); foreach($pkgdba as $pkg) { $pkgdb[] = "TRAPPED|{$pkg}|1149324397"; |