-rw-r--r-- | www/pfSense-pkg-squid/Makefile | 3 | ||||
-rw-r--r-- | www/pfSense-pkg-squid/files/usr/local/www/squid_clwarn.php | 22 | ||||
-rw-r--r-- | www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php | 8 |
3 files changed, 20 insertions, 13 deletions
diff --git a/www/pfSense-pkg-squid/Makefile b/www/pfSense-pkg-squid/Makefile index dfbfaba..4ded8d6 100644 --- a/www/pfSense-pkg-squid/Makefile +++ b/www/pfSense-pkg-squid/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= pfSense-pkg-squid -PORTVERSION= 0.4.16 -PORTREVISION= 2 +PORTVERSION= 0.4.17 CATEGORIES= www MASTER_SITES= # empty DISTFILES= # empty diff --git a/www/pfSense-pkg-squid/files/usr/local/www/squid_clwarn.php b/www/pfSense-pkg-squid/files/usr/local/www/squid_clwarn.php index 5ddf817..b6faf86 100644 --- a/www/pfSense-pkg-squid/files/usr/local/www/squid_clwarn.php +++ b/www/pfSense-pkg-squid/files/usr/local/www/squid_clwarn.php @@ -28,10 +28,19 @@ POSSIBILITY OF SUCH DAMAGE. */ $VERSION = '6.10'; -$url = $_REQUEST['url']; +$url = htmlspecialchars($_REQUEST['url']); $virus = ($_REQUEST['virus'] ? $_REQUEST['virus'] : $_REQUEST['malware']); -$source = preg_replace("@/-@", "", $_REQUEST['source']); -$user = $_REQUEST['user']; + +// Remove clamd infos +$vp[0]="/stream: /"; +$vp[1]="/ FOUND/"; +$vr[0]=""; +$vr[1]=""; + +$virus = htmlspecialchars(preg_replace($vp, $vr, $virus)); + +$source = htmlspecialchars(preg_replace("@/-@", "", $_REQUEST['source'])); +$user = htmlspecialchars($_REQUEST['user']); $TITLE_VIRUS = "SquidClamav $VERSION: Virus detected!"; $subtitle = 'Virus name'; @@ -44,13 +53,6 @@ if (preg_match("/Safebrowsing/", $virus)) { $errorreturn = 'This page cannot be displayed'; } -// Remove clamd infos -$vp[0]="/stream: /"; -$vp[1]="/ FOUND/"; -$vr[0]=""; -$vr[1]=""; - -$virus = preg_replace($vp, $vr, $virus); error_log(date("Y-m-d H:i:s") . " | VIRUS FOUND | " . $virus . " | " . $url . " | " . $source . " | " . $user . "\n", 3, "/var/log/c-icap/virus.log"); ?> diff --git a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php index 66695d3..668fda6 100644 --- a/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php 
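Review bot: Escaping `$url`, `$virus`, `$source` and `$user` with `htmlspecialchars()` at assignment in squid_clwarn.php does not protect the `error_log()` call shown in the following hunk, which writes them to the pipe-delimited `/var/log/c-icap/virus.log`. `|`, CR and LF pass through unchanged, so a request parameter can still add fields or whole lines to that log. The log also now stores entity-encoded text, which a viewer that escapes on output (as squid_monitor_data.php does in this commit) would presumably double-encode. I would log a raw value with the delimiters neutralised, e.g. `$log_url = str_replace(array("\r", "\n", "|"), ' ', $_REQUEST['url']);`, and escape only where the value is echoed, with explicit flags: `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`. The HTML output itself lies outside these hunks, so the quoting context it needs cannot be confirmed here.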
+++ b/www/pfSense-pkg-squid/files/usr/local/www/squid_monitor_data.php @@ -140,7 +140,13 @@ if ($_POST) { $logline = preg_split("/\|/", $logent); // Apply time format - $logline[0] = date("d.m.Y H:i:s", strtotime($logline[0])); + $logline[0] = htmlspecialchars(date("d.m.Y H:i:s", strtotime($logline[0]))); + + // Don't trust these fields + $logline[1] = htmlentities($logline[1]); + $logline[2] = htmlentities($logline[2]); + $logline[4] = htmlentities($logline[4]); + $logline[5] = htmlentities($logline[5]); // Word wrap the URL $logline[3] = htmlentities($logline[3]); |
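Review bot: Escaping by fixed index (`$logline[1]`, `[2]`, `[4]`, `[5]`) leaves any element past index 5 untouched, and a log line carrying an extra `|` inside one of its fields yields exactly such elements after `preg_split`. Whether those elements are rendered is not visible, because the enclosing `if ($_POST)` block and its output code continue outside this hunk. Encoding the whole array once would close that gap: `$logline = array_map(function ($f) { return htmlentities($f, ENT_QUOTES, 'UTF-8'); }, $logline);`, replacing the per-index calls including the existing one on `$logline[3]`. The explicit `ENT_QUOTES` matters because PHP versions before 8.1 default to `ENT_COMPAT`, which leaves single quotes unescaped.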