diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2008-02-12 04:33:24 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2008-02-12 04:33:24 +0000 |
| commit | b5aebbf5d1459c429b60fabac0c726a04700bdca (patch) | |
| tree | aeac0b4d2f12b565f8670163b4b8d97a2fd5d75f | |
| parent | 6c13d551825b1102baa3371a9d9da36d2c6467b5 (diff) | |
| download | pfsense-b5aebbf5d1459c429b60fabac0c726a04700bdca.zip pfsense-b5aebbf5d1459c429b60fabac0c726a04700bdca.tar.gz | |
Make scripts XSS input safe.
Pointed-out: by hoopercharles@gmail.com
| -rwxr-xr-x | usr/local/www/pkg.php | 4 | ||||
| -rwxr-xr-x | usr/local/www/pkg_edit.php | 11 | ||||
| -rwxr-xr-x | usr/local/www/pkg_mgr.php | 2 | ||||
| -rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 30 | ||||
| -rwxr-xr-x | usr/local/www/services_dhcp_edit.php | 5 | ||||
| -rwxr-xr-x | usr/local/www/wizard.php | 11 |
6 files changed, 28 insertions, 35 deletions
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index 7a48c20..602daf3 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -39,7 +39,7 @@ function gentitle_pkg($pgname) { return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname; } -$xml = $_GET['xml']; +$xml = htmlspecialchars($_GET['xml']); if($xml == "") { print_info_box_np(gettext("ERROR: No package defined.")); @@ -108,7 +108,7 @@ include("fbegin.inc"); ?> <p class="pgtitle"><?=$pgtitle?></p> <form action="pkg.php" method="post"> -<? if($_GET['savemsg'] <> "") $savemsg = $_GET['savemsg']; ?> +<? if($_GET['savemsg'] <> "") $savemsg = htmlspecialchars($_GET['savemsg']); ?> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <?php diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 0508f89..36c4b1b 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -39,9 +39,8 @@ function gentitle_pkg($pgname) { return $pfSense_config['system']['hostname'] . "." . $pfSense_config['system']['domain'] . " - " . $pgname; } -// XXX: Make this input safe. -$xml = $_GET['xml']; -if($_POST['xml']) $xml = $_POST['xml']; +$xml = htmlspecialchars($_GET['xml']); +if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); if($xml == "") { print_info_box_np(gettext("ERROR: No package defined.")); @@ -66,9 +65,9 @@ $name = $pkg['name']; $title = $pkg['title']; $pgtitle = $title; -$id = $_GET['id']; +$id = htmlspecialchars($_GET['id']); if (isset($_POST['id'])) - $id = $_POST['id']; + $id = htmlspecialchars($_POST['id']); if($pkg['custom_php_global_functions'] <> "") eval($pkg['custom_php_global_functions']); @@ -80,7 +79,7 @@ if(!is_array($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['con $a_pkg = &$config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config']; if($_GET['savemsg'] <> "") - $savemsg = $_GET['savemsg']; + $savemsg = htmlspecialchars($_GET['savemsg']); if($pkg['custom_php_command_before_form'] <> "") eval($pkg['custom_php_command_before_form']); diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php index f9968ef..f6c9f0f 100755 --- a/usr/local/www/pkg_mgr.php +++ b/usr/local/www/pkg_mgr.php @@ -48,7 +48,7 @@ if($pkg_info) { if (! empty($_GET)) { if (isset($_GET['ver'])) { - $requested_version = $_GET['ver']; + $requested_version = htmlspecialchars($_GET['ver']); } } diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 4a7350f..07c28ff 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -117,30 +117,30 @@ sync_webgui_passwords(); switch($_GET['mode']) { case "delete": - $id = get_pkg_id($_GET['pkg']); + $id = get_pkg_id(htmlspecialchars($_GET['pkg'])); $todel = substr(reverse_strrchr($config['installedpackages']['package'][$id]['depends_on_package'], "."), 0, -1); - delete_package($todel, $_GET['pkg']); - delete_package_xml($_GET['pkg']); + delete_package($todel, htmlspecialchars($_GET['pkg'])); + delete_package_xml(htmlspecialchars($_GET['pkg'])); update_status("Package deleted."); $static_output .= "\nPackage deleted."; update_output_window($static_output); break; case "reinstallpkg": - $id = get_pkg_id($_GET['pkg']); + $id = get_pkg_id(htmlspecialchars($_GET['pkg'])); $todel = substr(reverse_strrchr($config['installedpackages']['package'][$id]['depends_on_package'], "."), 0, -1); - delete_package($todel, $_GET['pkg']); - delete_package_xml($_GET['pkg']); - install_package($_GET['pkg']); + delete_package($todel, htmlspecialchars($_GET['pkg'])); + delete_package_xml(htmlspecialchars($_GET['pkg'])); + install_package(htmlspecialchars($_GET['pkg'])); update_status("Package reinstalled."); $static_output .= "\n\nPackage reinstalled."; - start_service($_GET['pkg']); + start_service(htmlspecialchars($_GET['pkg'])); update_output_window($static_output); break; case "reinstallxml": - delete_package_xml($_GET['pkg']); - install_package($_GET['pkg']); + delete_package_xml(htmlspecialchars($_GET['pkg'])); + install_package(htmlspecialchars($_GET['pkg'])); $static_output .= "\n\nPackage reinstalled."; - start_service($_GET['pkg']); + start_service(htmlspecialchars($_GET['pkg'])); update_output_window($static_output); break; case "reinstallall": @@ -158,16 +158,16 @@ switch($_GET['mode']) { } update_status("All packages reinstalled."); $static_output .= "\n\nAll packages reinstalled."; - start_service($_GET['pkg']); + start_service(htmlspecialchars($_GET['pkg'])); update_output_window($static_output); break; default: - $status = install_package($_GET['id']); + $status = install_package(htmlspecialchars($_GET['id'])); if($status == -1) { - update_status("Installation of {$_GET['id']} FAILED!"); + update_status("Installation of " . htmlspecialchars($_GET['id']) . " FAILED!"); $static_output .= "\n\nInstallation halted."; } else { - update_status("Installation of {$_GET['id']} completed."); + update_status("Installation of " . $_GET['id'] ." completed."); $static_output .= "\n\nInstallation completed. Please check to make sure that the package is configured from the respective menu then start the package."; } update_output_window($static_output); diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index d8d83c7..1948e7e 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -109,11 +109,6 @@ if ($_POST) { $dynsubnet_end = ip2long($config['dhcpd'][$if]['range']['to']); $lansubnet_start = (ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet'])); $lansubnet_end = (ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet']))); - - if ((ip2long($_POST['ipaddr']) >= $dynsubnet_start) && - (ip2long($_POST['ipaddr']) <= $dynsubnet_end)) { - $input_errors[] = "Static IP address falls within the dynamic client range."; - } if ((ip2long($_POST['ipaddr']) < $lansubnet_start) || (ip2long($_POST['ipaddr']) > $lansubnet_end)) { $input_errors[] = "The IP address must lie in the {$ifcfg['descr']} subnet."; diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index a0c324e..3822a63 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php @@ -36,12 +36,11 @@ function gentitle_pkg($pgname) { $stepid = $_GET['stepid']; if (isset($_POST['stepid'])) - $stepid = $_POST['stepid']; + $stepid = htmlspecialchars($_POST['stepid']); if (!$stepid) $stepid = "0"; -// XXX: Make this input safe. -$xml = $_GET['xml']; -if($_POST['xml']) $xml = $_POST['xml']; +$xml = htmlspecialchars($_GET['xml']); +if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); if($xml == "") { $xml = "not_defined"; @@ -232,9 +231,9 @@ function enablechange() { <tr><td colspan='2'> <?php if ($_GET['message'] != "") - print_info_box($_GET['message']); + print_info_box(htmlspecialchars($_GET['message'])); if ($_POST['message'] != "") - print_info_box($_POST['message']); + print_info_box(htmlspecialchars($_POST['message'])); ?></td></tr> <tr><td colspan='2'><center><b><?= fixup_string($description) ?></b></center></td></tr><tr><td> </td></tr> <?php |
