From 05103bacd070a7959f4c4c72bc377a7141c4739e Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 26 Jun 2011 07:45:09 -0700
Subject: [PATCH] Don't expand single-quoted .conf option values
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Config.pm | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index ca517a688..743009b62 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -669,16 +669,10 @@ sub initialize( $ ) {
 $debug = 0;
 $confess = 0;
- %params = ( root => '',
- system => '',
- command => '',
- files => '',
- destination => '' );
+ %params = ();
 %compiler_params = ();
- $compiler_params{$_} = 1 for keys %params;
-
 @actparms = ();
 if ( $family == F_IPV4 ) {
@@ -3037,9 +3031,9 @@ sub process_shorewall_conf( $$ ) {
 first_entry "Processing $file...";
 #
- # Don't expand shell variables if $update
+ # Don't expand shell variables or allow embedded scripting
 #
- while ( read_a_line( 0,! $update ) ) {
+ while ( read_a_line( 0, 0 ) ) {
 if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
 my ($var, $val) = ($1, $2);
@@ -3060,14 +3054,15 @@ sub process_shorewall_conf( $$ ) {
 #
 # Now update the config file if asked
 #
- if ( $update ) {
- update_config_file( $annotate) if $update;
- #
- # Config file update requires that the option values not have
- # Shell variables expanded. We do that now.
- #
- supplied $_ && expand_variables( $_ ) for values %config;
-
+ update_config_file( $annotate) if $update;
+ #
+ # Config file update requires that the option values not have
+ # Shell variables expanded. We do that now.
+ #
+ for ( values %config ) {
+ if ( supplied $_ ) {
+ expand_variables( $_ ) unless /$'(.+)'$/;
+ }
 }
 }
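Review bot: The single-quote guard added in the last hunk, `expand_variables( $_ ) unless /$'(.+)'$/;`, opens with `$'` where a start-of-string anchor was presumably intended. In a Perl pattern `$'` is normally interpolated as the postmatch variable of the last successful match, so whether a value counts as single-quoted would depend on unrelated earlier regex state rather than on a leading quote, and single-quoted option values could still go through shell-variable expansion, which is what this commit sets out to prevent. Anchor both ends explicitly: `expand_variables( $_ ) unless /^'(.+)'$/;`. The retained comment ("Config file update requires that the option values not have Shell variables expanded") also now sits above a loop that runs on every call rather than only under `$update`, so it should say that expansion is deferred until after the file is read and is skipped for single-quoted values. The body of process_shorewall_conf starts outside this hunk, so how `%config` values carry their quotes at this point should be confirmed against the reader.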