author | Scott Ullrich <sullrich@pfsense.org> | 2008-04-17 23:24:12 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2008-04-17 23:24:12 +0000 |
commit | 7417b3066972831f7d9e6aa9c561064158c4cf5c (patch) | |
tree | 7609bb1e01a222c585f62dbfe36e324a9a08733c /packages/spamd_db.php | |
parent | 8fa10e549a924194b1997a28449892e117b1c1f3 (diff) | |
* General cleanups
* Update (C)
Diffstat (limited to 'packages/spamd_db.php')
-rw-r--r-- | packages/spamd_db.php | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/packages/spamd_db.php b/packages/spamd_db.php
index 987d2948..4250a17f 100644
--- a/packages/spamd_db.php
+++ b/packages/spamd_db.php
@@ -45,13 +45,13 @@ if($_GET['action'] or $_POST['action']) {
 */
 echo $_GET['buttonid'] . "|";
 if($_GET['action'])
- $action = $_GET['action'];
+ $action = escapeshellarg($_GET['action']);
 if($_POST['action'])
- $action = $_POST['action'];
+ $action = escapeshellarg($_POST['action']);
 if($_GET['srcip'])
- $srcip = $_GET['srcip'];
+ $srcip = escapeshellarg($_GET['srcip']);
 if($_POST['srcip'])
- $srcip = $_POST['srcip'];
+ $srcip = escapeshellarg($_POST['srcip']);
 $srcip = str_replace("<","",$srcip);
 $srcip = str_replace(">","",$srcip);
 $srcip = str_replace(" ","",$srcip);
@@ -91,9 +91,13 @@ if($_GET['action'] or $_POST['action']) {
 /* spam trap e-mail address */
 if($_POST['spamtrapemail'] <> "") {
- mwexec("/usr/local/sbin/spamdb -T -a \"{$_POST['spamtrapemail']}\"");
+ $spamtrapemail = escapeshellarg($_POST['spamtrapemail']);
+ exec("/usr/local/sbin/spamdb -d {$spamtrapemail}");
+ exec("/usr/local/sbin/spamdb -d -T \"{$spamtrapemail}\"");
+ exec("/usr/local/sbin/spamdb -d -t \"{$spamtrapemail}\"");
+ mwexec("/usr/local/sbin/spamdb -T -a \"{$spamtrapemail}\"");
 mwexec("killall -HUP spamlogd");
- $savemsg = $_POST['spamtrapemail'] . " added to spam trap database.";
+ $savemsg = htmlentities($_POST['spamtrapemail']) . " added to spam trap database.";
 }
 if($_GET['getstatus'] <> "") {
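Review bot: Escaping at assignment in the first hunk means `$action` and `$srcip` now carry the literal single quotes that escapeshellarg() adds, so any later string comparison or file write that uses them (outside this hunk, so unverified) would see `'value'` rather than `value`; quoting is safer applied where the command string is built, after the value has been validated. For `$srcip`, a strict IP-address check before use would be stronger than the three `str_replace` calls, which now run on the already-quoted string. Separately, the context line `echo $_GET['buttonid'] . "|";` still writes a request parameter to the response unencoded; `echo htmlentities($_GET['buttonid']) . "|";` would match what this commit does for `spamtrapemail`.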
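Review bot: Three of the four new spamdb calls in the `$_POST['spamtrapemail']` hunk wrap the already-escaped value in `\"…\"`, which undoes the protection: escapeshellarg() returns a single-quoted string, and inside shell double quotes those single quotes are literal characters while `$`, backticks and `"` from the input stay active. Only `exec("/usr/local/sbin/spamdb -d {$spamtrapemail}");` is quoted correctly; the others should drop the inner quotes, e.g. `mwexec("/usr/local/sbin/spamdb -T -a {$spamtrapemail}");`. As written, the single quotes also become part of the address handed to spamdb, so the `-d` and `-a` calls no longer refer to the same key. The same pattern appears in both `exec("spamdb …")` calls of the `getstatus` hunk that follows.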
@@ -114,27 +118,28 @@ if($_GET['getstatus'] <> "") {
 /* spam trap e-mail address */
 if($_GET['spamtrapemail'] <> "") {
- $status = exec("spamdb -T -a \"{$_GET['spamtrapemail']}\"");
+ $spamtrapemail = escapeshellarg($_GET['spamtrapemail']);
+ $status = exec("spamdb -T -a \"{$spamtrapemail}\"");
 mwexec("killall -HUP spamlogd");
 if($status)
 echo $status;
 else
- echo $_POST['spamtrapemail'] . " added to spam trap database.";
+ echo htmlentities($_POST['spamtrapemail']) . " added to spam trap database.";
 exit;
 }
 /* spam trap e-mail address */
 if($_GET['whitelist'] <> "") {
- $status = exec("spamdb -a \"{$_GET['spamtrapemail']}\"");
+ $spamtrapemail = escapeshellarg($_GET['spamtrapemail']);
+ $status = exec("spamdb -a \"{$spamtrapemail}\"");
 mwexec("killall -HUP spamlogd");
 if($status)
 echo $status;
 else
- echo $_POST['spamtrapemail'] . " added to whitelist database.";
+ echo htmlentities($_POST['spamtrapemail']) . " added to whitelist database.";
 exit;
 }
-
 function delete_from_blacklist($srcip) {
 config_lock();
 $blacklist = split("\n", file_get_contents("/var/db/blacklist.txt")); |
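Review bot: Both handlers read the address from `$_GET` but build the confirmation from `$_POST['spamtrapemail']`, so the success message is now encoded yet will normally be empty; `echo htmlentities($_GET['spamtrapemail']) . " added to spam trap database.";` would match the input actually used. The `whitelist` branch tests `$_GET['whitelist']` but passes `$_GET['spamtrapemail']` to `spamdb -a`, which looks like a copy-paste slip worth confirming against the caller. `echo $status;` still prints command output unencoded, and because these state-changing actions are reachable by GET, a request-forgery token check (none is visible in this hunk) matters here.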