4. Safe webGUI

Safe webGUI

  • D

    pfSense 2.0
    While booting pfSense, have error webgui starting, if any file '/usr/local/pkg/*.inc' contains php syntax error or function name
    duplication.

    This is /etc/inc/filter.inc

    
function discover_pkg_rules($ruletype) {
	global $config, $g, $aliases;

	/* Bail if there is no pkg directory, or if the package files might be out of sync. */
	if(!is_dir("/usr/local/pkg") || file_exists('/conf/needs_package_sync'))
		return "";

	$rules = "";
	$files = glob("/usr/local/pkg/*.inc");
	foreach($files as $pkg_inc) {
		update_filter_reload_status("Checking for {$ruletype} PF hooks in package {$pkg_inc}");
# here need safe >>
		require_once($pkg_inc);
		$pkg = basename($pkg_inc, ".inc");
		$pkg_generate_rules = "{$pkg}_generate_rules";
		if(function_exists($pkg_generate_rules)) {
			update_filter_reload_status("Processing early {$ruletype} rules for package {$pkg_inc}");
			$tmprules = $pkg_generate_rules("$ruletype");
			file_put_contents("{$g['tmp_path']}/rules.test.packages", $aliases . $tmprules);
			$status = mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.test.packages");
			if ($status <> 0) {
				$errorrules = "There was an error while parsing the package filter rules for {$pkg_inc}.\n";
				log_error($errorrules);
				file_put_contents("{$g['tmp_path']}/rules.packages.{$pkg}", "#{$errorrules}\n");
				continue;
			}
			$rules .= $tmprules;
		}
# here need safe >>
	}
	return $rules;
}

    This is need safe code. Probably as here:

    
# here need safe >>
if (exec("php -l $pkg_inc") )  {
		require_once($pkg_inc);
                ...
}else {
# " package source $pkg_inc error "
... 
}
# here need safe >>

    Or other variant.

    Sorry for my English.
    Thanks.


    0
  • Rebel Alliance Developer Netgate

    That has always been the case, we have tried to ensure that no packages declare the same functions with the same name.

    Code to catch exceptions may prevent the execution from stopping but it would cause unpredictable behavior if two packages had functions with the same name but different functionality.

    0
  • D

    In the screenshot error matching function names, but it is not so common mistake. I'm talking about the need to check the syntax of the INC files before their inclusion.

    What do you think is needed?

    0
  • Rebel Alliance Developer Netgate

    Ah, yeah, I see what you mean now.

    I went ahead and opened ticket http://redmine.pfsense.org/issues/1310 for it.

    0
  • D

    Thank you for your work !!!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy