summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2014-11-04 12:43:24 -0500
committerjim-p <jimp@pfsense.org>2014-11-04 12:44:17 -0500
commit5711c44624369418de79fff3d81a4c7972fe8d8f (patch)
tree8d2dd6ac1dac56f18999a38071ede0ae4cfab1cb
parent935fcedbca2dbe8c3d9eb41bc5739b511a9ec19a (diff)
downloadpfsense-5711c44624369418de79fff3d81a4c7972fe8d8f.zip
pfsense-5711c44624369418de79fff3d81a4c7972fe8d8f.tar.gz
Catch some more sensitive info when sanitizing.
-rwxr-xr-xusr/local/www/status.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/usr/local/www/status.php b/usr/local/www/status.php
index 625dd42..e6da599 100755
--- a/usr/local/www/status.php
+++ b/usr/local/www/status.php
@@ -65,6 +65,16 @@ function doCmdT($title, $command) {
$line = preg_replace("/<password>.*?<\\/password>/", "<password>xxxxx</password>", $line);
$line = preg_replace("/<pre-shared-key>.*?<\\/pre-shared-key>/", "<pre-shared-key>xxxxx</pre-shared-key>", $line);
$line = preg_replace("/<rocommunity>.*?<\\/rocommunity>/", "<rocommunity>xxxxx</rocommunity>", $line);
+ $line = preg_replace("/<prv>.*?<\\/prv>/", "<prv>xxxxx</prv>", $line);
+ $line = preg_replace("/<ipsecpsk>.*?<\\/ipsecpsk>/", "<ipsecpsk>xxxxx</ipsecpsk>", $line);
+ $line = preg_replace("/<md5-hash>.*?<\\/md5-hash>/", "<md5-hash>xxxxx</md5-hash>", $line);
+ $line = preg_replace("/<md5password>.*?<\\/md5password>/", "<md5password>xxxxx</md5password>", $line);
+ $line = preg_replace("/<nt-hash>.*?<\\/nt-hash>/", "<nt-hash>xxxxx</nt-hash>", $line);
+ $line = preg_replace("/<radius_secret>.*?<\\/radius_secret>/", "<radius_secret>xxxxx</radius_secret>", $line);
+ $line = preg_replace("/<ldap_bindpw>.*?<\\/ldap_bindpw>/", "<ldap_bindpw>xxxxx</ldap_bindpw>", $line);
+ $line = preg_replace("/<passwordagain>.*?<\\/passwordagain>/", "<passwordagain>xxxxx</passwordagain>", $line);
+ $line = preg_replace("/<crypto_password>.*?<\\/crypto_password>/", "<crypto_password>xxxxx</crypto_password>", $line);
+ $line = preg_replace("/<crypto_password2>.*?<\\/crypto_password2>/", "<crypto_password2>xxxxx</crypto_password2>", $line);
$line = str_replace("\t", " ", $line);
echo htmlspecialchars($line,ENT_NOQUOTES);
}
OpenPOWER on IntegriCloud