author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:21 -0500 |
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:47 -0500 |
commit | daab67a170ddf38a76605e32a56874780e82b62d (patch) | |
tree | 66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54 | |
parent | f0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff) | |
Fix misc XSS issues from davey b
-rwxr-xr-x | usr/local/www/diag_logs.php | 4 | ||||
-rwxr-xr-x | usr/local/www/diag_logs_filter.php | 4 | ||||
-rwxr-xr-x | usr/local/www/diag_logs_vpn.php | 4 | ||||
-rwxr-xr-x | usr/local/www/firewall_shaper.php | 10 | ||||
-rw-r--r-- | usr/local/www/firewall_shaper_vinterface.php | 14 | ||||
-rwxr-xr-x | usr/local/www/status_dhcp_leases.php | 2 | ||||
-rwxr-xr-x | usr/local/www/status_services.php | 6 |
7 files changed, 22 insertions, 22 deletions
diff --git a/usr/local/www/diag_logs.php b/usr/local/www/diag_logs.php
index 145d480..35b6231 100755
--- a/usr/local/www/diag_logs.php
+++ b/usr/local/www/diag_logs.php
@@ -54,10 +54,10 @@ if ($_POST['clear'])
 clear_log_file($system_logfile);
 if ($_GET['filtertext'])
- $filtertext = $_GET['filtertext'];
+ $filtertext = htmlspecialchars($_GET['filtertext']);
 if ($_POST['filtertext'])
- $filtertext = $_POST['filtertext'];
+ $filtertext = htmlspecialchars($_POST['filtertext']);
 if ($filtertext)
 $filtertextmeta="?filtertext=$filtertext";
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index 02b2591..025a7a3 100755
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -73,9 +73,9 @@ if($_GET['dnsip'] or $_POST['dnsip']) {
 $filtertext = "";
 if($_GET['filtertext'] or $_POST['filtertext']) {
 if($_GET['filtertext'])
- $filtertext = $_GET['filtertext'];
+ $filtertext = htmlspecialchars($_GET['filtertext']);
 if($_POST['filtertext'])
- $filtertext = $_POST['filtertext'];
+ $filtertext = htmlspecialchars($_POST['filtertext']);
 }
 $filter_logfile = "{$g['varlog_path']}/filter.log";
diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php
index 36bdb58..adef3e1 100755
--- a/usr/local/www/diag_logs_vpn.php
+++ b/usr/local/www/diag_logs_vpn.php
@@ -49,8 +49,8 @@ $nentries = $config['syslog']['nentries'];
 if (!$nentries)
 $nentries = 50;
-$vpntype = ($_GET['vpntype']) ? $_GET['vpntype'] : "pptp";
-$mode = ($_GET['mode']) ? $_GET['mode'] : "login";
+$vpntype = (htmlspecialchars($_GET['vpntype'])) ? htmlspecialchars($_GET['vpntype']) : "pptp";
+$mode = (htmlspecialchars($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : "login";
 if ($_POST['clear'])
 clear_log_file("/var/log/vpn.log");
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php
index 7de18d1..f3cdbab 100755
--- a/usr/local/www/firewall_shaper.php
+++ b/usr/local/www/firewall_shaper.php
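Review bot: Applying htmlspecialchars() to `$filtertext` at the point it is read leaves the entity-encoded form in the variable the rest of the page uses for non-HTML purposes, visibly in `$filtertextmeta="?filtertext=$filtertext";` at the end of the hunk, where a query-string value needs urlencode() rather than entity encoding, and presumably in whatever log matching is done with `$filtertext` further down the file (outside the hunk), which would now see `&amp;` or `&quot;` instead of the characters the user typed. The usual shape is to keep the raw value here, `$filtertext = $_GET['filtertext'];`, and escape per output context: `htmlspecialchars($filtertext)` where it is echoed into HTML and `urlencode($filtertext)` when building `$filtertextmeta`. The diag_logs_filter.php hunk applies the same input-time escaping to `$filtertext` and has the same consequence there.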
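Review bot: In the diag_logs_vpn.php hunk `$vpntype` and `$mode` are selector values rather than free text, so htmlspecialchars() neither validates them nor prevents an unexpected value from reaching whatever the rest of the file (outside the hunk) does with them; an allow-list is the appropriate check, e.g. `$vpntype = in_array($_GET['vpntype'], array('pptp', /* other supported vpn types */), true) ? $_GET['vpntype'] : "pptp";` and likewise for `$mode` with `"login"` and its other accepted modes. As written each line also evaluates the escaping call twice on the same input; if the escaping is kept, read the parameter once into a local and reuse it.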
@@ -65,17 +65,17 @@ if ($_GET) {
 if ($_GET['queue'])
 $qname = trim($_GET['queue']);
 if ($_GET['interface'])
- $interface = trim($_GET['interface']);
+ $interface = htmlspecialchars(trim($_GET['interface']));
 if ($_GET['action'])
- $action = $_GET['action'];
+ $action = htmlspecialchars($_GET['action']);
 }
 if ($_POST) {
 if ($_POST['name'])
- $qname = trim($_POST['name']);
+ $qname = htmlspecialchars(trim($_POST['name']));
 if ($_POST['interface'])
- $interface = trim($_POST['interface']);
+ $interface = htmlspecialchars(trim($_POST['interface']));
 if ($_POST['parentqueue'])
- $parentqueue = trim($_POST['parentqueue']);
+ $parentqueue = htmlspecialchars(trim($_POST['parentqueue']));
 }
 if ($interface) {
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index 52f8698..865f048 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -62,21 +62,21 @@ read_dummynet_config();
 if ($_GET) {
 if ($_GET['queue'])
- $qname = trim($_GET['queue']);
+ $qname = htmlspecialchars(trim($_GET['queue']));
 if ($_GET['pipe'])
- $pipe = trim($_GET['pipe']);
+ $pipe = htmlspecialchars(trim($_GET['pipe']));
 if ($_GET['action'])
- $action = $_GET['action'];
+ $action = htmlspecialchars($_GET['action']);
 }
 if ($_POST) {
 if ($_POST['name'])
- $qname = trim($_POST['name']);
+ $qname = htmlspecialchars(trim($_POST['name']));
 if ($_POST['pipe'])
- $pipe = trim($_POST['pipe']);
+ $pipe = htmlspecialchars(trim($_POST['pipe']));
 else
- $pipe = trim($_POST['name']);
+ $pipe = htmlspecialchars(trim($_POST['name']));
 if ($_POST['parentqueue'])
- $parentqueue = trim($_POST['parentqueue']);
+ $parentqueue = htmlspecialchars(trim($_POST['parentqueue']));
 }
 if ($pipe) {
diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php
index f7981c8..dd2a0db 100755
--- a/usr/local/www/status_dhcp_leases.php
+++ b/usr/local/www/status_dhcp_leases.php
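Review bot: In the firewall_shaper.php hunk the `$_GET` branch leaves `$qname = trim($_GET['queue']);` unescaped while the `$_POST['name']` branch now escapes it, so the same queue name arrives in two different forms depending on the request method. More broadly `$qname`, `$interface` and `$parentqueue` appear to be keys used to select a configured interface or queue (`if ($interface) {` closes the hunk, the lookup itself is outside it), and entity-encoding a lookup key neither validates it nor matches a stored name containing `&`, `<` or `"`; the firmer check is to validate `$interface` against the configured interface list and the queue names against the queues the shaper has already read, keep the raw values, and call `htmlspecialchars()` only where they are echoed into HTML. The firewall_shaper_vinterface.php hunk applies the same input-time escaping to `$qname`, `$pipe` and `$parentqueue` and the same point applies there.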
@@ -393,7 +393,7 @@ foreach ($leases as $data) {
 </table>
 <p>
 <form action="status_dhcp_leases.php" method="GET">
-<input type="hidden" name="order" value="<?=$_GET['order'];?>">
+<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>">
 <?php if ($_GET['all']): ?>
 <input type="hidden" name="all" value="0">
 <input type="submit" class="formbtn" value="<?=gettext("Show active and static leases only"); ?>">
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 97aa1ce..779e396 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -104,7 +104,7 @@ if($_GET['mode'] == "restartservice" and !empty($_GET['service'])) {
 restart_service($_GET['service']);
 break;
 }
- $savemsg = sprintf(gettext("%s has been restarted."),$_GET['service']);
+ $savemsg = sprintf(gettext("%s has been restarted."),htmlspecialchars($_GET['service']));
 sleep(5);
 }
@@ -148,7 +148,7 @@ if($_GET['mode'] == "startservice" and !empty($_GET['service'])) {
 start_service($_GET['service']);
 break;
 }
- $savemsg = sprintf(gettext("%s has been started."),$_GET['service']);
+ $savemsg = sprintf(gettext("%s has been started."),htmlspecialchars($_GET['service']));
 sleep(5);
 }
@@ -203,7 +203,7 @@ if($_GET['mode'] == "stopservice" && !empty($_GET['service'])) {
 stop_service($_GET['service']);
 break;
 }
- $savemsg = sprintf(gettext("%s has been stopped."), $_GET['service']);
+ $savemsg = sprintf(gettext("%s has been stopped."), htmlspecialchars($_GET['service']));
 sleep(5);
 }
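Review bot: In the status_dhcp_leases.php hunk the escape on `$_GET['order']` covers this double-quoted `value` attribute, but htmlspecialchars() with no flags argument defaults to ENT_COMPAT and leaves single quotes untouched, so a later switch to single-quoted attributes would reopen the hole; `htmlspecialchars($_GET['order'], ENT_QUOTES)` is the stable idiom for attribute context. Since `order` is presumably also read earlier in the file to choose the sort column (outside the hunk), it should be checked against the allowed column names there, with output escaping as the second line of defence rather than the only one.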
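Review bot: In the status_services.php hunks the escaping is applied only to the `$savemsg` text, while the unescaped `$_GET['service']` is still what reaches `restart_service($_GET['service']);`, `start_service(...)` and `stop_service(...)` on the line above in what appears to be the fall-through branch of a switch that opens outside each hunk. HTML escaping does nothing for that path; the request should be validated against the list of services this page already renders before any of the three handlers run, e.g. `if (!in_array($_GET['service'], $known_service_names, true)) { /* reject request */ }` where `$known_service_names` stands for the names in the page's own service list. The escaping of the message itself is correct provided `$savemsg` is printed into HTML.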