authorPiBa-NL <pba_2k3@yahoo.com>2014-10-02 21:41:50 +0200
committerPiBa-NL <pba_2k3@yahoo.comm>2015-02-24 21:09:52 +0100
commit7aac4188282948ac508a1fa3b625dbf514e9d0e4 (patch)
tree96b90c9b4a131bf5a2ad2e53dd3a1541d5396a12 /config/spamd
parentca670f24bdb0ec7488fbeeeaed14fc82f8e50a5e (diff)
spamd, -fix 'add spamtrap'
-use exec() instead of exploding output of directly invoking a shell command
Diffstat (limited to 'config/spamd')
-rw-r--r--config/spamd/spamd_db.php54
1 files changed, 25 insertions, 29 deletions
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index b2c4c476..e1d004f7 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -43,6 +43,13 @@ if($_POST['limit'])
else
$limit = "25";
+if($_GET['spamtrapemail'])
+ $spamtrapemail = $_GET['spamtrapemail'];
+if($_POST['spamtrapemail'])
+ $spamtrapemail = $_POST['spamtrapemail'];
+if ($spamtrapemail)
+ $spamtrapemailarg = escapeshellarg($spamtrapemail);
+
/* handle AJAX operations */
if($_GET['action'] or $_POST['action']) {
/* echo back buttonid so it can be turned
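Review bot: The new `$spamtrapemail` block only shell-quotes the value, so nothing checks that it is an e-mail address before it becomes a spamdb key. `escapeshellarg()` neutralises shell metacharacters, but a value that begins with `-` could still be read by spamdb as an option rather than a key. I would validate before quoting, e.g. `if (filter_var($spamtrapemail, FILTER_VALIDATE_EMAIL) === false || $spamtrapemail[0] === '-') unset($spamtrapemail);`. Taking the address from `$_GET` also lets a plain link trigger a state change; if the page's CSRF protection covers only POST (not visible here), consider dropping the GET path.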
@@ -50,60 +57,52 @@ if($_GET['action'] or $_POST['action']) {
*/
echo $_GET['buttonid'] . "|";
if($_GET['action'])
- $action = escapeshellarg($_GET['action']);
+ $action = $_GET['action'];
if($_POST['action'])
- $action = escapeshellarg($_POST['action']);
+ $action = $_POST['action'];
if($_GET['srcip'])
$srcip = $_GET['srcip'];
if($_POST['srcip'])
$srcip = $_POST['srcip'];
- if($_GET['spamtrapemail'])
- $spamtrapemail = escapeshellarg($_GET['spamtrapemail']);
- if($_POST['spamtrapemail'])
- $spamtrapemail = escapeshellarg($_POST['spamtrapemail']);
$srcip = str_replace("<","",$srcip);
$srcip = str_replace(">","",$srcip);
$srcip = str_replace(" ","",$srcip);
// Make input safe
$srcip = escapeshellarg($srcip);
/* execute spamdb command */
- if($action == "'whitelist'") {
+ if($action == "whitelist") {
exec("/usr/local/sbin/spamdb -d {$srcip} -T");
exec("/usr/local/sbin/spamdb -d {$srcip} -t");
delete_from_blacklist($srcip);
mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
exec("echo spamdb -a {$srcip} > /tmp/tmp");
exec("/usr/local/sbin/spamdb -a {$srcip}");
- } else if($action == "'delete'") {
+ } else if($action == "delete") {
exec("/usr/local/sbin/spamdb -d {$srcip}");
exec("/usr/local/sbin/spamdb -d {$srcip} -T");
exec("/usr/local/sbin/spamdb -d {$srcip} -t");
delete_from_blacklist($srcip);
mwexec("/sbin/pfctl -q -t spamd -T delete $srcip");
mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
- } else if($action == "'trapped'") {
+ } else if($action == "trapped") {
exec("/usr/local/sbin/spamdb -d {$srcip}");
exec("/usr/local/sbin/spamdb -d {$srcip}");
exec("/usr/local/sbin/spamdb -d -t {$srcip}");
exec("/usr/local/sbin/spamdb -a -t {$srcip}");
- } else if($action == "'spamtrap'") {
- exec("/usr/local/sbin/spamdb -a -T {$spamtrapemail}");
+ } else if($action == "spamtrap") {
+ exec("/usr/local/sbin/spamdb -a -T {$spamtrapemailarg}");
}
/* signal a reload for real time effect. */
mwexec("killall -HUP spamlogd");
exit;
}
-/* spam trap e-mail address */
-if($_POST['spamtrapemail'] <> "") {
- $spamtrapemail = escapeshellarg($_POST['spamtrapemail']);
- exec("/usr/local/sbin/spamdb -d {$spamtrapemail}");
- exec("/usr/local/sbin/spamdb -d -T {$spamtrapemail}");
- exec("/usr/local/sbin/spamdb -d -t {$spamtrapemail}");
- exec("/usr/local/sbin/spamdb -T -a '{$toaddress}'");
+/* spam trap e-mail address */
+if($spamtrapemail <> "") {
+ exec("spamdb -T -a {$spamtrapemailarg}");
mwexec("killall -HUP spamlogd");
- $savemsg = htmlentities($_POST['spamtrapemail']) . " added to spam trap database.";
+ $savemsg = htmlentities($spamtrapemail) . " added to spam trap database.";
}
if($_GET['getstatus'] <> "") {
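Review bot: The `spamtrap` branch now depends on `$spamtrapemailarg`, which is assigned only when an address was supplied, so `action=spamtrap` without one runs `spamdb -a -T ` with no key; guard it with `} else if($action == "spamtrap" && $spamtrapemail) {`. The rewritten block below calls `spamdb` by bare name while every other call in this hunk uses `/usr/local/sbin/spamdb`. Use the absolute path there too, `exec("/usr/local/sbin/spamdb -T -a {$spamtrapemailarg}");`, so the web process's PATH cannot change which binary runs. Separately, the unchanged `echo $_GET['buttonid'] . "|";` near the top of the hunk reflects request data unescaped and should go through `htmlspecialchars()`.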
@@ -124,8 +123,7 @@ if($_GET['getstatus'] <> "") {
/* spam trap e-mail address */
if($_GET['spamtrapemail'] <> "") {
- $spamtrapemail = escapeshellarg($_GET['spamtrapemail']);
- $status = exec("spamdb -T -a {$spamtrapemail}");
+ $status = exec("spamdb -T -a {$spamtrapemailarg}");
mwexec("killall -HUP spamlogd");
if($status)
echo $status;
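Review bot: Since this commit the earlier `if($spamtrapemail <> "")` block also fires for addresses sent over GET, so a GET request now appears to run `spamdb -T -a` and HUP spamlogd twice, once there and once here. That holds unless something between the two blocks exits, which is not visible in this hunk. One of the two blocks should be dropped, or this one reduced to reporting the status. `echo $status;` also prints the command's last output line unescaped; use `echo htmlspecialchars($status);` in case it contains the submitted address.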
@@ -329,25 +327,23 @@ if (typeof getURL == 'undefined') {
if($filter) {
if($not) {
$fd = fopen("/tmp/spamdb", "w");
- $cmd = "/usr/local/sbin/spamdb | grep -v \"" . escapeshellarg($filter) . "\" | tail -n {$limit}";
+ $cmd = "/usr/local/sbin/spamdb | grep -v " . escapeshellarg($filter) . " | tail -n {$limit}";
fwrite($fd, $cmd);
fclose($fd);
- $pkgdb = explode("\n", `$cmd`);
+ exec($cmd, $pkgdb);
if(file_exists("/var/db/blacklist.txt")) {
$cmd = "cat /var/db/blacklist.txt | grep -v \"" . escapeshellarg($filter) . "\" ";
- $pkgdba = explode("\n", `$cmd`);
+ exec($cmd, $pkgdba);
foreach($pkgdba as $pkg) {
$pkgdb[] = "TRAPPED|{$pkg}|1149324397";
}
}
} else {
-
$cmd = "/usr/local/sbin/spamdb | grep " . escapeshellarg($filter) . " | tail -n {$limit}";
-
- $pkgdb = explode("\n", `$cmd`);
+ exec($cmd, $pkgdb);
if(file_exists("/var/db/blacklist.txt")) {
$cmd = "cat /var/db/blacklist.txt | grep " . escapeshellarg($filter);
- $pkgdba = explode("\n", `$cmd`);
+ exec($cmd, $pkgdba);
foreach($pkgdba as $pkg) {
$pkgdb[] = "TRAPPED|{$pkg}|1149324397";
}
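Review bot: The blacklist command in the `$not` branch still wraps the quoted filter in double quotes (`grep -v \"" . escapeshellarg($filter) . "\"`), the same pattern this commit removes from the spamdb command a few lines above it. Inside double quotes the single quotes added by `escapeshellarg()` are literal characters, so the shell still expands the filter text and the escaping is defeated. Change the line to `$cmd = "cat /var/db/blacklist.txt | grep -v " . escapeshellarg($filter);`. Also, `exec($cmd, $pkgdb)` appends to an existing array, so `$pkgdb` and `$pkgdba` should be set to `array()` before the calls. The debug write of `$cmd` to the fixed path `/tmp/spamdb` looks removable.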
@@ -355,7 +351,7 @@ if (typeof getURL == 'undefined') {
}
}
} else {
- $pkgdb = explode("\n", `/usr/local/sbin/spamdb | tail -n {$limit}`);
+ exec("/usr/local/sbin/spamdb | tail -n {$limit}", $pkgdb);
}
$rows = 0;
$lastseenip = "";
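Review bot: `$limit` is interpolated into the shell command unquoted here and in the two `tail -n {$limit}` commands of the previous hunk. The context of the first hunk suggests it is taken directly from `$_POST['limit']`, and nothing visible constrains it to a number. Normalise it once where it is read, e.g. `$limit = max(1, (int)$limit);`, or at minimum pass it through `escapeshellarg()`. The assignment itself lies outside the hunks shown, so confirm that no validation already exists there.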