authorRenato Botelho <garga@FreeBSD.org>2014-03-12 11:35:57 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-03-12 11:42:32 -0300
commit0e6cf71b17cc57c40aebc64359c1a27e2515b7b7 (patch)
tree8e409a77838a21da4644e4d3f39d05acf17a4952
parent3b77ba4a2a96a388682d564c3b9b7517bbbfdb21 (diff)
downloadpfsense-0e6cf71b17cc57c40aebc64359c1a27e2515b7b7.zip
pfsense-0e6cf71b17cc57c40aebc64359c1a27e2515b7b7.tar.gz
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integers; also pass them through htmlspecialchars() before printing
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php5
-rwxr-xr-xusr/local/www/firewall_nat_1to1_edit.php5
-rwxr-xr-xusr/local/www/firewall_nat_edit.php19
-rw-r--r--usr/local/www/firewall_nat_npt_edit.php5
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php23
-rwxr-xr-xusr/local/www/firewall_rules_edit.php21
-rw-r--r--usr/local/www/firewall_schedule_edit.php6
-rwxr-xr-xusr/local/www/firewall_virtual_ip.php4
-rwxr-xr-xusr/local/www/firewall_virtual_ip_edit.php6
-rwxr-xr-xusr/local/www/interfaces.php2
-rw-r--r--usr/local/www/interfaces_bridge_edit.php5
-rw-r--r--usr/local/www/interfaces_gif_edit.php6
-rw-r--r--usr/local/www/interfaces_gre_edit.php6
-rwxr-xr-xusr/local/www/interfaces_groups_edit.php4
-rw-r--r--usr/local/www/interfaces_lagg_edit.php5
-rw-r--r--usr/local/www/interfaces_ppps_edit.php5
-rwxr-xr-xusr/local/www/interfaces_qinq_edit.php5
-rwxr-xr-xusr/local/www/interfaces_vlan_edit.php5
-rw-r--r--usr/local/www/interfaces_wireless_edit.php5
-rwxr-xr-xusr/local/www/load_balancer_monitor_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_pool_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_relay_action_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_relay_protocol_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_virtual_server_edit.php6
-rwxr-xr-xusr/local/www/services_captiveportal.php2
-rwxr-xr-xusr/local/www/services_captiveportal_filemanager.php2
-rwxr-xr-xusr/local/www/services_captiveportal_hostname.php2
-rwxr-xr-xusr/local/www/services_captiveportal_hostname_edit.php5
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php2
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php5
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php2
-rwxr-xr-xusr/local/www/services_captiveportal_mac_edit.php5
-rw-r--r--usr/local/www/services_captiveportal_vouchers.php2
-rw-r--r--usr/local/www/services_captiveportal_vouchers_edit.php5
-rwxr-xr-xusr/local/www/services_dhcp_edit.php5
-rw-r--r--usr/local/www/services_dhcpv6_edit.php5
-rwxr-xr-xusr/local/www/services_dnsmasq_domainoverride_edit.php7
-rwxr-xr-xusr/local/www/services_dnsmasq_edit.php5
-rw-r--r--usr/local/www/services_dyndns_edit.php5
-rwxr-xr-xusr/local/www/services_igmpproxy_edit.php5
-rw-r--r--usr/local/www/services_rfc2136_edit.php5
-rwxr-xr-xusr/local/www/services_wol_edit.php5
-rwxr-xr-xusr/local/www/status_captiveportal.php4
-rw-r--r--usr/local/www/status_captiveportal_expire.php2
-rw-r--r--usr/local/www/status_captiveportal_test.php2
-rwxr-xr-xusr/local/www/status_wireless.php2
-rw-r--r--usr/local/www/system_advanced_sysctl.php7
-rw-r--r--usr/local/www/system_authservers.php7
-rw-r--r--usr/local/www/system_camanager.php9
-rw-r--r--usr/local/www/system_certmanager.php19
-rw-r--r--usr/local/www/system_crlmanager.php11
-rwxr-xr-xusr/local/www/system_gateway_groups_edit.php10
-rwxr-xr-xusr/local/www/system_gateways_edit.php10
-rw-r--r--usr/local/www/system_groupmanager_addprivs.php7
-rwxr-xr-xusr/local/www/system_routes_edit.php10
-rw-r--r--usr/local/www/system_usermanager.php7
-rw-r--r--usr/local/www/system_usermanager_addprivs.php7
-rw-r--r--usr/local/www/vpn_ipsec_keys_edit.php5
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php14
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php11
-rw-r--r--usr/local/www/vpn_l2tp_users_edit.php5
-rw-r--r--usr/local/www/vpn_openvpn_client.php7
-rw-r--r--usr/local/www/vpn_openvpn_csc.php7
-rw-r--r--usr/local/www/vpn_openvpn_server.php7
-rwxr-xr-xusr/local/www/vpn_pppoe_edit.php7
-rwxr-xr-xusr/local/www/vpn_pptp_users_edit.php5
66 files changed, 234 insertions, 194 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index f787d1e..57ce1f3 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -92,8 +92,9 @@ function alias_same_type($name, $type) {
return true;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_aliases[$id]) {
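Review bot: The GET branch calls `is_numericint($_GET['id'])` without the `isset()` guard that the POST branch on the next added line has, so a request without `id` reads an undefined index. `is_numericint()` is defined outside this diff, so whether it tolerates a null argument cannot be confirmed from here. Writing the first check as `if (isset($_GET['id']) && is_numericint($_GET['id']))` keeps the two branches symmetrical. The same pair of checks is repeated in most of the `*_edit.php` files touched by this commit, so a small shared helper that returns the validated id or null would keep the copies from drifting apart.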
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 8f54686..12afa3d 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -70,8 +70,9 @@ if (!is_array($config['nat']['onetoone'])) {
}
$a_1to1 = &$config['nat']['onetoone'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_1to1[$id]) {
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index b879481..0b25304 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -56,16 +56,17 @@ if (!is_array($config['nat']['rule'])) {
}
$a_nat = &$config['nat']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-$after = $_GET['after'];
-
-if (isset($_POST['after']))
+if (is_numericint($_GET['after']))
+ $after = $_GET['after'];
+if (isset($_POST['after']) && is_numericint($_GET['after']))
$after = $_POST['after'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
$id = $_GET['dup'];
$after = $_GET['dup'];
}
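Review bot: The added `after` check validates the wrong superglobal: `if (isset($_POST['after']) && is_numericint($_GET['after']))` tests `$_GET['after']` and then assigns `$_POST['after']`. The posted value therefore reaches `$after` unvalidated whenever the query string carries a numeric `after`, and a valid posted value is dropped when it does not. The line should read `if (isset($_POST['after']) && is_numericint($_POST['after']))`. The same line appears in the firewall_nat_out_edit.php and firewall_rules_edit.php hunks of this commit and needs the same correction.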
@@ -105,7 +106,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['srcendport'] = "any";
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
/* run through $_POST items encoding HTML entties so that the user
@@ -804,7 +805,7 @@ include("fbegin.inc"); ?>
</select>
</td>
</tr>
- <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
+ <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?>
<tr id="assoctable">
<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
<td width="78%" class="vtable">
@@ -835,7 +836,7 @@ include("fbegin.inc"); ?>
</td>
</tr>
<?php endif; ?>
- <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?>
+ <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?>
<tr id="assoctable">
<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
<td width="78%" class="vtable">
diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php
index 583490f..70dd97c 100644
--- a/usr/local/www/firewall_nat_npt_edit.php
+++ b/usr/local/www/firewall_nat_npt_edit.php
@@ -69,8 +69,9 @@ if (!is_array($config['nat']['npt'])) {
}
$a_npt = &$config['nat']['npt'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_npt[$id]) {
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index a187afd..aae4319 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -58,19 +58,19 @@ if (!is_array($config['aliases']['alias']))
$config['aliases']['alias'] = array();
$a_aliases = &$config['aliases']['alias'];
-$id = $_GET['id'];
-if (isset($_POST['id'])) {
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-}
-
-$after = $_GET['after'];
-if (isset($_POST['after']))
+if (is_numericint($_GET['after']))
+ $after = $_GET['after'];
+if (isset($_POST['after']) && is_numericint($_GET['after']))
$after = $_POST['after'];
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_out[$id]) {
@@ -109,9 +109,8 @@ if (isset($id) && $a_out[$id]) {
$pconfig['interface'] = "wan";
}
-if (isset($_GET['dup'])) {
- unset($id);
-}
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+ unset($id);
if ($_POST) {
if ($_POST['destination_type'] == "any") {
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index d4efe51..10192cb 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -81,18 +81,19 @@ if (!is_array($config['filter']['rule'])) {
filter_rules_sort();
$a_filter = &$config['filter']['rule'];
-$id = $_GET['id'];
-if (is_numeric($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-$after = $_GET['after'];
-
-if (isset($_POST['after']))
+if (is_numericint($_GET['after']))
+ $after = $_GET['after'];
+if (isset($_POST['after']) && is_numericint($_GET['after']))
$after = $_POST['after'];
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_filter[$id]) {
@@ -202,7 +203,7 @@ if (isset($id) && $a_filter[$id]) {
$pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']);
$pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']);
$pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']);
- if (!isset($_GET['dup']))
+ if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
} else {
@@ -216,7 +217,7 @@ if (isset($id) && $a_filter[$id]) {
/* Allow the FloatingRules to work */
$if = $pconfig['interface'];
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
read_altq_config(); /* XXX: */
diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php
index 5de6a27..b02dbd1 100644
--- a/usr/local/www/firewall_schedule_edit.php
+++ b/usr/local/www/firewall_schedule_edit.php
@@ -74,9 +74,9 @@ if (!is_array($config['schedules']['schedule']))
$a_schedules = &$config['schedules']['schedule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_schedules[$id]) {
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index 3a3cb3d..3703d55 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -192,7 +192,7 @@ if ($_GET['act'] == "del") {
exit;
}
}
-} else if ($_GET['changes'] == "mods")
+} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id']))
$id = $_GET['id'];
$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses"));
@@ -224,7 +224,7 @@ include("head.inc");
?>
</td></tr>
<tr>
- <td><input type="hidden" id="id" name="id" value="<?php echo $id; ?>" /></td>
+ <td><input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" /></td>
</tr>
<tr>
<td>
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index b97b593..966719e 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -58,10 +58,10 @@ if (!is_array($config['virtualip']['vip'])) {
}
$a_vip = &$config['virtualip']['vip'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
function return_first_two_octets($ip) {
$ip_split = explode(".", $ip);
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 0d452c7..4e92762 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -2769,7 +2769,7 @@ $types6 = array("none" => gettext("None"), "staticv6" => gettext("Static IPv6"),
<br/>
<input id="save" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<input id="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" />
- <input name="if" type="hidden" id="if" value="<?=$if;?>" />
+ <input name="if" type="hidden" id="if" value="<?=htmlspecialchars($if);?>" />
<?php if ($wancfg['if'] == $a_ppps[$pppid]['if']) : ?>
<input name="ppp_port" type="hidden" value="<?=htmlspecialchars($pconfig['port']);?>" />
<?php endif; ?>
diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php
index 1565abc..8ef6043 100644
--- a/usr/local/www/interfaces_bridge_edit.php
+++ b/usr/local/www/interfaces_bridge_edit.php
@@ -51,8 +51,9 @@ foreach ($ifacelist as $bif => $bdescr) {
unset($ifacelist[$bif]);
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_bridges[$id]) {
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php
index b5eb89c..4add083 100644
--- a/usr/local/www/interfaces_gif_edit.php
+++ b/usr/local/www/interfaces_gif_edit.php
@@ -45,9 +45,9 @@ if (!is_array($config['gifs']['gif']))
$a_gifs = &$config['gifs']['gif'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_gifs[$id]) {
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index 984def3..5d97cd6 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -46,9 +46,9 @@ if (!is_array($config['gres']['gre']))
$a_gres = &$config['gres']['gre'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_gres[$id]) {
diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php
index 6551323..a5960be 100755
--- a/usr/local/www/interfaces_groups_edit.php
+++ b/usr/local/www/interfaces_groups_edit.php
@@ -49,9 +49,9 @@ if (!is_array($config['ifgroups']['ifgroupentry']))
$a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-if (isset($_GET['id']))
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_ifgroups[$id]) {
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php
index 26595f9..af4846e 100644
--- a/usr/local/www/interfaces_lagg_edit.php
+++ b/usr/local/www/interfaces_lagg_edit.php
@@ -64,8 +64,9 @@ foreach ($checklist as $tmpif)
$laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin");
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_laggs[$id]) {
diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php
index efa6f89..fe0e1e8 100644
--- a/usr/local/www/interfaces_ppps_edit.php
+++ b/usr/local/www/interfaces_ppps_edit.php
@@ -64,8 +64,9 @@ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
}
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_ppps[$id]) {
diff --git a/usr/local/www/interfaces_qinq_edit.php b/usr/local/www/interfaces_qinq_edit.php
index adb584a..093f3a2 100755
--- a/usr/local/www/interfaces_qinq_edit.php
+++ b/usr/local/www/interfaces_qinq_edit.php
@@ -59,8 +59,9 @@ if (count($portlist) < 1) {
exit;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_qinqs[$id]) {
diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php
index ced8611..bae4dab 100755
--- a/usr/local/www/interfaces_vlan_edit.php
+++ b/usr/local/www/interfaces_vlan_edit.php
@@ -54,8 +54,9 @@ if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) {
$portlist[$lagg['laggif']] = $lagg;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_vlans[$id]) {
diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php
index 71c4e85..a9c96a3 100644
--- a/usr/local/www/interfaces_wireless_edit.php
+++ b/usr/local/www/interfaces_wireless_edit.php
@@ -65,8 +65,9 @@ function clone_compare($a, $b) {
$portlist = get_interface_list();
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_clones[$id]) {
diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php
index 271b2f6..33fb7de 100755
--- a/usr/local/www/load_balancer_monitor_edit.php
+++ b/usr/local/www/load_balancer_monitor_edit.php
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['monitor_type'])) {
}
$a_monitor = &$config['load_balancer']['monitor_type'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_monitor[$id]) {
$pconfig['name'] = $a_monitor[$id]['name'];
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index a47b8c8..c019d3c 100755
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -48,10 +48,10 @@ if (!is_array($config['load_balancer']['lbpool'])) {
}
$a_pool = &$config['load_balancer']['lbpool'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_pool[$id]) {
$pconfig['name'] = $a_pool[$id]['name'];
diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php
index 44f0ecb..72904e7 100755
--- a/usr/local/www/load_balancer_relay_action_edit.php
+++ b/usr/local/www/load_balancer_relay_action_edit.php
@@ -45,10 +45,10 @@ if (!is_array($config['load_balancer']['lbaction'])) {
}
$a_action = &$config['load_balancer']['lbaction'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_action[$id]) {
$pconfig = array();
diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php
index 9dd02a0..6de04f6 100755
--- a/usr/local/www/load_balancer_relay_protocol_edit.php
+++ b/usr/local/www/load_balancer_relay_protocol_edit.php
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['lbprotocol'])) {
}
$a_protocol = &$config['load_balancer']['lbprotocol'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_protocol[$id]) {
$pconfig = $a_protocol[$id];
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 4d7eb6a..63e7359 100755
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['virtual_server'])) {
}
$a_vs = &$config['load_balancer']['virtual_server'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_vs[$id]) {
$pconfig = $a_vs[$id];
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index a387ede..d8d5664 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -978,7 +978,7 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <?php echo "<input name='zone' id='zone' type='hidden' value='{$cpzone}'/>"; ?>
+ <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "'/>"; ?>
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)">
<a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a>
</td>
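Review bot: The `zone` hidden field in this hunk delimits its attribute with single quotes, and `htmlspecialchars($cpzone)` with default flags does not encode single quotes on PHP releases before 8.1 (the default there is `ENT_COMPAT`). If `$cpzone` can carry a `'` (its origin is outside this hunk), the value can still close the attribute. Passing the flag explicitly, `htmlspecialchars($cpzone, ENT_QUOTES)`, or switching the markup to a double-quoted attribute like the other captive portal pages in this commit, closes that gap.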
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 285fd36..5ad51b4 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -138,7 +138,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_filemanager.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php if ($input_errors) print_input_errors($input_errors); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php
index f9b2a8a..e39d529 100755
--- a/usr/local/www/services_captiveportal_hostname.php
+++ b/usr/local/www/services_captiveportal_hostname.php
@@ -98,7 +98,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_hostname.php" method="post">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php
index f7f3308..b5316b2 100755
--- a/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/usr/local/www/services_captiveportal_hostname_edit.php
@@ -72,8 +72,9 @@ if (!is_array($config['captiveportal']))
$config['captiveportal'] = array();
$a_cp =& $config['captiveportal'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($a_cp[$cpzone]['allowedhostname']))
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 2a3d50f..0c53f4f 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -93,7 +93,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_ip.php" method="post">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index f16532c..7473fc3 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -73,8 +73,9 @@ if (!is_array($config['captiveportal']))
$config['captiveportal'] = array();
$a_cp =& $config['captiveportal'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['captiveportal'][$cpzone]['allowedip']))
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 1f516de..bac686b 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -150,7 +150,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_mac.php" method="post">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>"/>
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>"/>
<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (is_subsystem_dirty('passthrumac')): ?><p>
<?php print_info_box_np(gettext("The captive portal MAC address configuration has been changed.<br>You must apply the changes in order for them to take effect."));?><br>
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index da41e0a..76a67f7 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -70,8 +70,9 @@ if (!is_array($config['captiveportal']))
$config['captiveportal'] = array();
$a_cp =& $config['captiveportal'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($a_cp[$cpzone]['passthrumac']))
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index a7edc3d..9fecd0e 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -629,7 +629,7 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+ <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" />
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true); before_save();">
<input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
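Review bot: The `exponent` hidden field directly below the changed line still prints `<?=$pconfig['exponent'];?>` without escaping, so this form is only half covered. Where `$pconfig['exponent']` is populated is not visible in the hunk; if it can be refilled from a submitted form, it needs the same treatment as `zone`: `value="<?=htmlspecialchars($pconfig['exponent']);?>"`.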
diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php
index daf5565..83f55c2 100644
--- a/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -67,8 +67,9 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) {
}
$a_roll = &$config['voucher'][$cpzone]['roll'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_roll[$id]) {
diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php
index a132478..2bca379 100755
--- a/usr/local/www/services_dhcp_edit.php
+++ b/usr/local/www/services_dhcp_edit.php
@@ -86,8 +86,9 @@ $ifcfgip = get_interface_ip($if);
$ifcfgsn = get_interface_subnet($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_maps[$id]) {
diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php
index a4e48e6..c746321 100644
--- a/usr/local/www/services_dhcpv6_edit.php
+++ b/usr/local/www/services_dhcpv6_edit.php
@@ -82,8 +82,9 @@ $ifcfgipv6 = get_interface_ipv6($if);
$ifcfgsnv6 = get_interface_subnetv6($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_maps[$id]) {
diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php
index 3cf2fc3..048ce28 100755
--- a/usr/local/www/services_dnsmasq_domainoverride_edit.php
+++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php
@@ -45,9 +45,10 @@ if (!is_array($config['dnsmasq']['domainoverrides'])) {
}
$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_domainOverrides[$id]) {
$pconfig['domain'] = $a_domainOverrides[$id]['domain'];
diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php
index 33a7918..d6e0b61 100755
--- a/usr/local/www/services_dnsmasq_edit.php
+++ b/usr/local/www/services_dnsmasq_edit.php
@@ -59,8 +59,9 @@ if (!is_array($config['dnsmasq']['hosts']))
$a_hosts = &$config['dnsmasq']['hosts'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_hosts[$id]) {
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index 09f9e6b..adc6710 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -56,8 +56,9 @@ if (!is_array($config['dyndnses']['dyndns'])) {
$a_dyndns = &$config['dyndnses']['dyndns'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && isset($a_dyndns[$id])) {
diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php
index 92fb71b..9d5fda5 100755
--- a/usr/local/www/services_igmpproxy_edit.php
+++ b/usr/local/www/services_igmpproxy_edit.php
@@ -53,8 +53,9 @@ if (!is_array($config['igmpproxy']['igmpentry']))
//igmpproxy_sort();
$a_igmpproxy = &$config['igmpproxy']['igmpentry'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_igmpproxy[$id]) {
diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php
index 965940f..ebd977d 100644
--- a/usr/local/www/services_rfc2136_edit.php
+++ b/usr/local/www/services_rfc2136_edit.php
@@ -37,8 +37,9 @@ if (!is_array($config['dnsupdates']['dnsupdate'])) {
$a_rfc2136 = &$config['dnsupdates']['dnsupdate'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && isset($a_rfc2136[$id])) {
diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php
index ca31048..437e7bcb 100755
--- a/usr/local/www/services_wol_edit.php
+++ b/usr/local/www/services_wol_edit.php
@@ -56,8 +56,9 @@ if (!is_array($config['wol']['wolentry'])) {
}
$a_wol = &$config['wol']['wolentry'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_wol[$id]) {
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php
index 2325b3c..5288258 100755
--- a/usr/local/www/status_captiveportal.php
+++ b/usr/local/www/status_captiveportal.php
@@ -188,7 +188,7 @@ $mac_man = load_mac_manufacturer_table();
<?php endif; ?>
<form action="status_captiveportal.php" method="get" style="margin: 14px;">
-<input type="hidden" name="order" value="<?=$_GET['order'];?>" />
+<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>" />
<?php if (!empty($cpzone)): ?>
<?php if ($_GET['showact']): ?>
<input type="hidden" name="showact" value="0" />
@@ -197,7 +197,7 @@ $mac_man = load_mac_manufacturer_table();
<input type="hidden" name="showact" value="1" />
<input type="submit" class="formbtn" value="<?=gettext("Show last activity");?>" />
<?php endif; ?>
-<input type="hidden" name="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php endif; ?>
</form>
<?php include("fend.inc"); ?>
diff --git a/usr/local/www/status_captiveportal_expire.php b/usr/local/www/status_captiveportal_expire.php
index 048df4d..48d3f05 100644
--- a/usr/local/www/status_captiveportal_expire.php
+++ b/usr/local/www/status_captiveportal_expire.php
@@ -88,7 +88,7 @@ include("fbegin.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="zone" type="hidden" value="<?=$cpzone;?>">
+ <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>">
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>">
</td>
</tr>
diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php
index 8e7ece7..a0cafbd 100644
--- a/usr/local/www/status_captiveportal_test.php
+++ b/usr/local/www/status_captiveportal_test.php
@@ -90,7 +90,7 @@ include("fbegin.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="zone" type="hidden" value="<?=$cpzone;?>">
+ <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>">
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>">
</td>
</tr>
diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php
index 47da215..f18c9b5 100755
--- a/usr/local/www/status_wireless.php
+++ b/usr/local/www/status_wireless.php
@@ -89,7 +89,7 @@ display_top_tabs($tab_array);
</td></tr>
<tr><td>
<div id="mainarea" class="tabcont">
-<input type="hidden" name="if" id="if" value="<?php echo $if; ?>">
+<input type="hidden" name="if" id="if" value="<?php echo htmlspecialchars($if); ?>">
<b><input type="submit" name="rescanwifi" id="rescanwifi" value="Rescan"></b><br/><br/>
<b><?php echo gettext("Nearby access points or ad-hoc peers"); ?></b>
<table class="tabcont sortable" colspan="3" cellpadding="3" width="100%">
diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php
index da1aef3..a7b1cee 100644
--- a/usr/local/www/system_advanced_sysctl.php
+++ b/usr/local/www/system_advanced_sysctl.php
@@ -50,8 +50,9 @@ if (!is_array($config['sysctl']['item']))
$a_tunable = &$config['sysctl']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -257,7 +258,7 @@ include("head.inc");
<input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" />
<?php if (isset($id) && $a_tunable[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index 66b188e..e24e913 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -44,8 +44,9 @@ require_once("auth.inc");
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['system']['authserver']))
@@ -788,7 +789,7 @@ function select_clicked() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<?php if (isset($id) && $a_server[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index a659239..0eb743a 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -50,8 +50,9 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
$pgtitle = array(gettext("System"), gettext("Certificate Authority Manager"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
@@ -369,7 +370,7 @@ function method_change() {
<form action="system_camanager.php" method="post" name="iform" id="iform">
<?php if ($act == "edit"): ?>
<input type="hidden" name="edit" value="edit" id="edit" />
- <input type="hidden" name="id" value="<?php echo $id; ?>" id="id" />
+ <input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" />
<input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" />
<?php endif; ?>
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
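Review bot: The refid hidden field on the context line right below the changed one, `value="<?php echo $pconfig['refid']; ?>"`, is still echoed without htmlspecialchars(). Where `$pconfig['refid']` is filled is outside this hunk; if it can be repopulated from `$_POST` after a validation error, it needs the same escaping: `value="<?php echo htmlspecialchars($pconfig['refid']); ?>"`. Escaping at output regardless of the source would also keep the hidden fields in this form consistent.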
@@ -577,7 +578,7 @@ function method_change() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $a_ca[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php
index 7acc2eb..38993c6 100644
--- a/usr/local/www/system_certmanager.php
+++ b/usr/local/www/system_certmanager.php
@@ -56,18 +56,21 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
$pgtitle = array(gettext("System"), gettext("Certificate Manager"));
-$userid = $_GET['userid'];
-if (isset($_POST['userid']))
+if (is_numericint($_GET['userid']))
+ $userid = $_GET['userid'];
+if (isset($_POST['userid']) && is_numericint($_POST['userid']))
$userid = $_POST['userid'];
-if (is_numeric($userid)) {
+
+if (isset($userid)) {
$cert_methods["existing"] = gettext("Choose an existing certificate");
if (!is_array($config['system']['user']))
$config['system']['user'] = array();
$a_user =& $config['system']['user'];
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
@@ -969,7 +972,7 @@ function internalca_change() {
<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
<td width="78%" class="vtable">
<?php if (isset($userid) && $a_user): ?>
- <input name="userid" type="hidden" value="<?=$userid;?>" />
+ <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
<?php endif;?>
<select name='certref' class="formselect">
<?php
@@ -1003,7 +1006,7 @@ function internalca_change() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<?php if (isset($id) && $a_cert[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
@@ -1056,7 +1059,7 @@ function internalca_change() {
<?php endif; */ ?>
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
<?php if (isset($id) && $a_cert[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<input name="act" type="hidden" value="csr" />
<?php endif;?>
</td>
diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php
index 3b6bb5f..5d244a1 100644
--- a/usr/local/www/system_crlmanager.php
+++ b/usr/local/www/system_crlmanager.php
@@ -49,8 +49,9 @@ $crl_methods = array(
"internal" => gettext("Create an internal Certificate Revocation List"),
"existing" => gettext("Import an existing Certificate Revocation List"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
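Review bot: Restricting `id` to is_numericint() assumes it is a list index, but the second hunk of this file tests `isset($id) && $thiscrl` rather than indexing an array with `$id` as the other pages in this commit do. That suggests id may be a lookup reference on this page rather than a numeric position; the code that derives `$thiscrl` is outside the diff, so this needs confirming against it. If the identifier is not purely numeric, requests carrying it would silently lose `$id` after this change, and a validator matching the real identifier format should be used instead.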
@@ -388,7 +389,7 @@ function method_change() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $thiscrl): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
@@ -419,7 +420,7 @@ function method_change() {
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<input name="act" type="hidden" value="editimported" />
</td>
</tr>
@@ -637,4 +638,4 @@ method_change();
</script>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index fadc283..ecab27a 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -55,13 +55,13 @@ $categories = array('down' => gettext("Member Down"),
'downlatency' => gettext("High Latency"),
'downlosslatency' => gettext("Packet Loss or High Latency"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$id = $_GET['dup'];
-}
if (isset($id) && $a_gateway_groups[$id]) {
$pconfig['name'] = $a_gateway_groups[$id]['name'];
@@ -70,7 +70,7 @@ if (isset($id) && $a_gateway_groups[$id]) {
$pconfig['trigger'] = $a_gateway_groups[$id]['trigger'];
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
if ($_POST) {
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index b82bb31..4e46a16 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -55,13 +55,13 @@ if (!is_array($config['gateways']['gateway_item']))
$a_gateway_item = &$config['gateways']['gateway_item'];
$apinger_default = return_apinger_defaults();
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$id = $_GET['dup'];
-}
if (isset($id) && $a_gateways[$id]) {
$pconfig = array();
@@ -86,7 +86,7 @@ if (isset($id) && $a_gateways[$id]) {
$pconfig['attribute'] = $a_gateways[$id]['attribute'];
}
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
unset($id);
unset($pconfig['attribute']);
}
diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php
index 29f0193..1c20a07 100644
--- a/usr/local/www/system_groupmanager_addprivs.php
+++ b/usr/local/www/system_groupmanager_addprivs.php
@@ -55,8 +55,9 @@ require("guiconfig.inc");
$pgtitle = array(gettext("System"),gettext("Group manager"),gettext("Add privileges"));
-$groupid = $_GET['groupid'];
-if (isset($_POST['groupid']))
+if (is_numericint($_GET['groupid']))
+ $groupid = $_GET['groupid'];
+if (isset($_POST['groupid']) && is_numericint($_POST['groupid']))
$groupid = $_POST['groupid'];
$a_group = & $config['system']['group'][$groupid];
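Review bot: The context line `$a_group = & $config['system']['group'][$groupid];` now runs with `$groupid` undefined whenever neither request value passes is_numericint(), and taking a reference to a missing array element creates that element. Presumably this leaves an empty-key entry in the in-memory group list; whether it is ever written back depends on code outside this hunk. Guarding the lookup, e.g. `if (isset($groupid)) $a_group = &$config['system']['group'][$groupid];`, would keep the new validation meaningful, with the later uses of `$a_group` handling the unset case. system_usermanager_addprivs.php has the same shape with `$userid` and `$a_user`.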
@@ -224,7 +225,7 @@ function update_description() {
<input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
<?php if (isset($groupid)): ?>
- <input name="groupid" type="hidden" value="<?=$groupid;?>" />
+ <input name="groupid" type="hidden" value="<?=htmlspecialchars($groupid);?>" />
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
index 631fab0..93a0f7c 100755
--- a/usr/local/www/system_routes_edit.php
+++ b/usr/local/www/system_routes_edit.php
@@ -63,13 +63,13 @@ if (!is_array($config['staticroutes']['route']))
$a_routes = &$config['staticroutes']['route'];
$a_gateways = return_gateways_array(true, true);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$id = $_GET['dup'];
-}
if (isset($id) && $a_routes[$id]) {
list($pconfig['network'],$pconfig['network_subnet']) =
@@ -79,7 +79,7 @@ if (isset($id) && $a_routes[$id]) {
$pconfig['disabled'] = isset($a_routes[$id]['disabled']);
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
if ($_POST) {
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 5cdaae3..719b187 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -53,8 +53,9 @@ require("guiconfig.inc");
// start admin user code
$pgtitle = array(gettext("System"),gettext("User Manager"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['system']['user']))
@@ -773,7 +774,7 @@ function sshkeyClicked(obj) {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<?php if (isset($id) && $a_user[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php
index ba5aad9..b93ad9c 100644
--- a/usr/local/www/system_usermanager_addprivs.php
+++ b/usr/local/www/system_usermanager_addprivs.php
@@ -46,8 +46,9 @@ require("guiconfig.inc");
$pgtitle = array("System","User manager","Add privileges");
-$userid = $_GET['userid'];
-if (isset($_POST['userid']))
+if (is_numericint($_GET['userid']))
+ $userid = $_GET['userid'];
+if (isset($_POST['userid']) && is_numericint($_POST['userid']))
$userid = $_POST['userid'];
$a_user = & $config['system']['user'][$userid];
@@ -195,7 +196,7 @@ function update_description() {
<input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
<?php if (isset($userid)): ?>
- <input name="userid" type="hidden" value="<?=$userid;?>" />
+ <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index 4863943..fdb1b8f 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -46,8 +46,9 @@ if (!is_array($config['ipsec']['mobilekey'])) {
ipsec_mobilekey_sort();
$a_secret = &$config['ipsec']['mobilekey'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_secret[$id]) {
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 9d850df..f69cfd3 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -50,17 +50,17 @@ if (!is_array($config['ipsec']['phase2']))
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
-$p1index = $_GET['p1index'];
-if (isset($_POST['p1index']))
+if (is_numericint($_GET['p1index']))
+ $p1index = $_GET['p1index'];
+if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))
$p1index = $_POST['p1index'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$p1index = $_GET['dup'];
-}
if (isset($p1index) && $a_phase1[$p1index]) {
// don't copy the ikeid on dup
- if (!isset($_GET['dup']))
+ if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
$old_ph1ent = $a_phase1[$p1index];
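Review bot: In the added line `if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))` the validation is applied to `$_GET['p1index']` but the value assigned is `$_POST['p1index']`, so the POST value reaches `$p1index` unchecked, and a valid POST is ignored whenever the query string carries no numeric p1index. The condition should read `if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))`. The same slip is in the first hunk of vpn_ipsec_phase2.php, where `is_numericint($_GET['p2index'])` guards `$p2index = $_POST['p2index']`. The htmlspecialchars() added to the hidden p1index/p2index fields covers the output side only; the lookups `$a_phase1[$p1index]` still receive the unvalidated value.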
@@ -132,7 +132,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['mobile']=true;
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($p1index);
if ($_POST) {
@@ -892,7 +892,7 @@ function dpdchkbox_change() {
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
- <input name="p1index" type="hidden" value="<?=$p1index;?>"/>
+ <input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>"/>
<?php endif; ?>
<?php if ($pconfig['mobile']): ?>
<input name="mobile" type="hidden" value="true"/>
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index cec02ed..b2643c7 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -51,11 +51,12 @@ if (!is_array($config['ipsec']['phase2']))
$a_phase2 = &$config['ipsec']['phase2'];
-$p2index = $_GET['p2index'];
-if (isset($_POST['p2index']))
+if (is_numericint($_GET['p2index']))
+ $p2index = $_GET['p2index'];
+if (isset($_POST['p2index']) && is_numericint($_GET['p2index']))
$p2index = $_POST['p2index'];
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$p2index = $_GET['dup'];
if (isset($p2index) && $a_phase2[$p2index])
@@ -99,7 +100,7 @@ else
$pconfig['mobile']=true;
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($p2index);
if ($_POST) {
@@ -782,7 +783,7 @@ function change_protocol() {
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
- <input name="p2index" type="hidden" value="<?=$p2index;?>"/>
+ <input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>"/>
<?php endif; ?>
<?php if ($pconfig['mobile']): ?>
<input name="mobile" type="hidden" value="true"/>
diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php
index bae2a10..f56298f 100644
--- a/usr/local/www/vpn_l2tp_users_edit.php
+++ b/usr/local/www/vpn_l2tp_users_edit.php
@@ -59,8 +59,9 @@ if (!is_array($config['l2tp']['user'])) {
}
$a_secret = &$config['l2tp']['user'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_secret[$id]) {
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index c692959..bc4dfea 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -60,8 +60,9 @@ if (!is_array($config['crl']))
$a_crl =& $config['crl'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -922,7 +923,7 @@ if ($savemsg)
<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/>
<input name="act" type="hidden" value="<?=$act;?>"/>
<?php if (isset($id) && $a_client[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"/>
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"/>
<?php endif; ?>
</td>
</tr>
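Review bot: The context line `<input name="act" type="hidden" value="<?=$act;?>"/>` just above the changed id field still prints `$act` unescaped, and the first hunk of this file shows `$act = $_GET['act'];` with no validation. It needs the same treatment as id: `<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>"/>`. The identical line appears unchanged in the vpn_openvpn_csc.php and vpn_openvpn_server.php hunks. Whether `$act` is reassigned between the two hunks is not visible here, so additionally checking it against the fixed set of expected actions where it is read would be the stronger fix.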
diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php
index 0d12dfb..aebea01 100644
--- a/usr/local/www/vpn_openvpn_csc.php
+++ b/usr/local/www/vpn_openvpn_csc.php
@@ -45,8 +45,9 @@ if (!is_array($config['openvpn']['openvpn-csc']))
$a_csc = &$config['openvpn']['openvpn-csc'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -660,7 +661,7 @@ function netbios_change() {
<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/>
<input name="act" type="hidden" value="<?=$act;?>"/>
<?php if (isset($id) && $a_csc[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"/>
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"/>
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 4b47b3c..90e2b47 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -61,8 +61,9 @@ foreach ($a_crl as $cid => $acrl)
if (!isset($acrl['refid']))
unset ($a_crl[$cid]);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -1672,7 +1673,7 @@ if ($savemsg)
<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/>
<input name="act" type="hidden" value="<?=$act;?>"/>
<?php if (isset($id) && $a_server[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php
index e5e6403..b667da7 100755
--- a/usr/local/www/vpn_pppoe_edit.php
+++ b/usr/local/www/vpn_pppoe_edit.php
@@ -60,9 +60,10 @@ if (!is_array($config['pppoes']['pppoe'])) {
}
$a_pppoes = &$config['pppoes']['pppoe'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_pppoes[$id]) {
$pppoecfg =& $a_pppoes[$id];
diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php
index e058442..4d2acd3 100755
--- a/usr/local/www/vpn_pptp_users_edit.php
+++ b/usr/local/www/vpn_pptp_users_edit.php
@@ -56,8 +56,9 @@ if (!is_array($config['pptpd']['user'])) {
}
$a_secret = &$config['pptpd']['user'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_secret[$id]) {