author | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:35:57 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:42:32 -0300 |
commit | 0e6cf71b17cc57c40aebc64359c1a27e2515b7b7 (patch) | |
tree | 8e409a77838a21da4644e4d3f39d05acf17a4952 | |
parent | 3b77ba4a2a96a388682d564c3b9b7517bbbfdb21 (diff) | |
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integers; also pass them through htmlspecialchars() before printing
66 files changed, 234 insertions, 194 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index f787d1e..57ce1f3 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -92,8 +92,9 @@ function alias_same_type($name, $type) { return true; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_aliases[$id]) { diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 8f54686..12afa3d 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -70,8 +70,9 @@ if (!is_array($config['nat']['onetoone'])) { } $a_1to1 = &$config['nat']['onetoone']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_1to1[$id]) { diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index b879481..0b25304 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -56,16 +56,17 @@ if (!is_array($config['nat']['rule'])) { } $a_nat = &$config['nat']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { $id = $_GET['dup']; $after = $_GET['dup']; } 
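Review bot: In firewall_aliases_edit.php the new `is_numericint($_GET['id'])` test reads the GET key without `isset()`, while the POST branch directly below it does guard with `isset()`; on a request without `id` this reads an undefined index, and the outcome then depends on how the helper treats a null argument. `is_numericint()` is not defined anywhere in this diff, so it is worth confirming that it rejects empty strings and non-scalar values (a parameter sent as `id[]=` arrives as an array) before `$id` is used as an array index. I would write the first test as `if (isset($_GET['id']) && is_numericint($_GET['id']))`. The same two-statement form is repeated in most of the `*_edit.php` hunks that follow, so a small shared helper would keep the copies from drifting apart.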
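Review bot: The new POST check for `after` in firewall_nat_edit.php validates the wrong superglobal: `if (isset($_POST['after']) && is_numericint($_GET['after']))` tests `$_GET['after']` but then assigns `$_POST['after']`. A POSTed value is therefore stored unchecked whenever the GET value passes, and a valid POSTed value is dropped whenever the GET one does not pass. The line should read `if (isset($_POST['after']) && is_numericint($_POST['after']))`. The same line appears in the first hunks of firewall_nat_out_edit.php and firewall_rules_edit.php.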
@@ -105,7 +106,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['srcendport'] = "any"; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); /* run through $_POST items encoding HTML entties so that the user @@ -804,7 +805,7 @@ include("fbegin.inc"); ?> </select> </td> </tr> - <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?> + <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> <tr id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> @@ -835,7 +836,7 @@ include("fbegin.inc"); ?> </td> </tr> <?php endif; ?> - <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?> + <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> <tr id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php index 583490f..70dd97c 100644 --- a/usr/local/www/firewall_nat_npt_edit.php +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -69,8 +69,9 @@ if (!is_array($config['nat']['npt'])) { } $a_npt = &$config['nat']['npt']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_npt[$id]) { diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index a187afd..aae4319 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php 
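Review bot: The `dup` validity test is now spelled out separately at every place firewall_nat_edit.php branches on it: `(!isset($_GET['dup']) || !is_numericint($_GET['dup']))` in the hunk at -804 and its inverse in the hunk at -835, in addition to the two checks earlier in the file. The two `assoctable` rows are only mutually exclusive as long as all of these copies stay in step. Computing the result once near the top, `$is_dup = isset($_GET['dup']) && is_numericint($_GET['dup']);`, and testing `!$is_dup` / `$is_dup` in the template would make that explicit and shorten both conditions.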
@@ -58,19 +58,19 @@ if (!is_array($config['aliases']['alias'])) $config['aliases']['alias'] = array(); $a_aliases = &$config['aliases']['alias']; -$id = $_GET['id']; -if (isset($_POST['id'])) { +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -} - -$after = $_GET['after']; -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_out[$id]) { @@ -109,9 +109,8 @@ if (isset($id) && $a_out[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_GET['dup'])) { - unset($id); -} +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) + unset($id); if ($_POST) { if ($_POST['destination_type'] == "any") { diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index d4efe51..10192cb 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -81,18 +81,19 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -$id = $_GET['id']; -if (is_numeric($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { 
@@ -202,7 +203,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } else { @@ -216,7 +217,7 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); read_altq_config(); /* XXX: */ diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php index 5de6a27..b02dbd1 100644 --- a/usr/local/www/firewall_schedule_edit.php +++ b/usr/local/www/firewall_schedule_edit.php @@ -74,9 +74,9 @@ if (!is_array($config['schedules']['schedule'])) $a_schedules = &$config['schedules']['schedule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_schedules[$id]) { diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 3a3cb3d..3703d55 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -192,7 +192,7 @@ if ($_GET['act'] == "del") { exit; } } -} else if ($_GET['changes'] == "mods") +} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) $id = $_GET['id']; $pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses")); 
@@ -224,7 +224,7 @@ include("head.inc"); ?> </td></tr> <tr> - <td><input type="hidden" id="id" name="id" value="<?php echo $id; ?>" /></td> + <td><input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" /></td> </tr> <tr> <td> diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index b97b593..966719e 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -58,10 +58,10 @@ if (!is_array($config['virtualip']['vip'])) { } $a_vip = &$config['virtualip']['vip']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; function return_first_two_octets($ip) { $ip_split = explode(".", $ip); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 0d452c7..4e92762 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -2769,7 +2769,7 @@ $types6 = array("none" => gettext("None"), "staticv6" => gettext("Static IPv6"), <br/> <input id="save" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> - <input name="if" type="hidden" id="if" value="<?=$if;?>" /> + <input name="if" type="hidden" id="if" value="<?=htmlspecialchars($if);?>" /> <?php if ($wancfg['if'] == $a_ppps[$pppid]['if']) : ?> <input name="ppp_port" type="hidden" value="<?=htmlspecialchars($pconfig['port']);?>" /> <?php endif; ?> diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 1565abc..8ef6043 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php 
@@ -51,8 +51,9 @@ foreach ($ifacelist as $bif => $bdescr) { unset($ifacelist[$bif]); } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_bridges[$id]) { diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index b5eb89c..4add083 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -45,9 +45,9 @@ if (!is_array($config['gifs']['gif'])) $a_gifs = &$config['gifs']['gif']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gifs[$id]) { diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index 984def3..5d97cd6 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php @@ -46,9 +46,9 @@ if (!is_array($config['gres']['gre'])) $a_gres = &$config['gres']['gre']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gres[$id]) { diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 6551323..a5960be 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -49,9 +49,9 @@ if (!is_array($config['ifgroups']['ifgroupentry'])) $a_ifgroups = &$config['ifgroups']['ifgroupentry']; -if (isset($_GET['id'])) +if (is_numericint($_GET['id'])) $id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ifgroups[$id]) { 
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index 26595f9..af4846e 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -64,8 +64,9 @@ foreach ($checklist as $tmpif) $laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin"); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_laggs[$id]) { diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php index efa6f89..fe0e1e8 100644 --- a/usr/local/www/interfaces_ppps_edit.php +++ b/usr/local/www/interfaces_ppps_edit.php @@ -64,8 +64,9 @@ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { } } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ppps[$id]) { diff --git a/usr/local/www/interfaces_qinq_edit.php b/usr/local/www/interfaces_qinq_edit.php index adb584a..093f3a2 100755 --- a/usr/local/www/interfaces_qinq_edit.php +++ b/usr/local/www/interfaces_qinq_edit.php @@ -59,8 +59,9 @@ if (count($portlist) < 1) { exit; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_qinqs[$id]) { diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index ced8611..bae4dab 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php 
@@ -54,8 +54,9 @@ if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) { $portlist[$lagg['laggif']] = $lagg; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_vlans[$id]) { diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php index 71c4e85..a9c96a3 100644 --- a/usr/local/www/interfaces_wireless_edit.php +++ b/usr/local/www/interfaces_wireless_edit.php @@ -65,8 +65,9 @@ function clone_compare($a, $b) { $portlist = get_interface_list(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_clones[$id]) { diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php index 271b2f6..33fb7de 100755 --- a/usr/local/www/load_balancer_monitor_edit.php +++ b/usr/local/www/load_balancer_monitor_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['monitor_type'])) { } $a_monitor = &$config['load_balancer']['monitor_type']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_monitor[$id]) { $pconfig['name'] = $a_monitor[$id]['name']; diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index a47b8c8..c019d3c 100755 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php 
@@ -48,10 +48,10 @@ if (!is_array($config['load_balancer']['lbpool'])) { } $a_pool = &$config['load_balancer']['lbpool']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_pool[$id]) { $pconfig['name'] = $a_pool[$id]['name']; diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php index 44f0ecb..72904e7 100755 --- a/usr/local/www/load_balancer_relay_action_edit.php +++ b/usr/local/www/load_balancer_relay_action_edit.php @@ -45,10 +45,10 @@ if (!is_array($config['load_balancer']['lbaction'])) { } $a_action = &$config['load_balancer']['lbaction']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_action[$id]) { $pconfig = array(); diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php index 9dd02a0..6de04f6 100755 --- a/usr/local/www/load_balancer_relay_protocol_edit.php +++ b/usr/local/www/load_balancer_relay_protocol_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['lbprotocol'])) { } $a_protocol = &$config['load_balancer']['lbprotocol']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_protocol[$id]) { $pconfig = $a_protocol[$id]; diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index 4d7eb6a..63e7359 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php 
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['virtual_server'])) { } $a_vs = &$config['load_balancer']['virtual_server']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_vs[$id]) { $pconfig = $a_vs[$id]; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index a387ede..d8d5664 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -978,7 +978,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <?php echo "<input name='zone' id='zone' type='hidden' value='{$cpzone}'/>"; ?> + <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "'/>"; ?> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)"> <a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a> </td> diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php index 285fd36..5ad51b4 100755 --- a/usr/local/www/services_captiveportal_filemanager.php +++ b/usr/local/www/services_captiveportal_filemanager.php 
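Review bot: In services_captiveportal.php the hidden `zone` field is written with a single-quoted attribute, `value='" . htmlspecialchars($cpzone) . "'`, and `htmlspecialchars()` called with one argument uses `ENT_COMPAT` on PHP versions before 8.1, which leaves `'` unescaped. If `$cpzone` can carry request data (its origin is outside this hunk), a single quote in it would still end the attribute. Either pass the flag, `htmlspecialchars($cpzone, ENT_QUOTES)`, or switch the markup to a double-quoted attribute as the other captive portal pages in this commit do.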
@@ -138,7 +138,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_filemanager.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($input_errors) print_input_errors($input_errors); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index f9b2a8a..e39d529 100755 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -98,7 +98,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_hostname.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index f7f3308..b5316b2 100755 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -72,8 +72,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['allowedhostname'])) 
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 2a3d50f..0c53f4f 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -93,7 +93,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_ip.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index f16532c..7473fc3 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -73,8 +73,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index 1f516de..bac686b 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php 
@@ -150,7 +150,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_mac.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>"/> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>"/> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (is_subsystem_dirty('passthrumac')): ?><p> <?php print_info_box_np(gettext("The captive portal MAC address configuration has been changed.<br>You must apply the changes in order for them to take effect."));?><br> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index da41e0a..76a67f7 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -70,8 +70,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['passthrumac'])) diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index a7edc3d..9fecd0e 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php 
@@ -629,7 +629,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> + <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" /> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true); before_save();"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php index daf5565..83f55c2 100644 --- a/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/usr/local/www/services_captiveportal_vouchers_edit.php @@ -67,8 +67,9 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) { } $a_roll = &$config['voucher'][$cpzone]['roll']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_roll[$id]) { diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index a132478..2bca379 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -86,8 +86,9 @@ $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php index a4e48e6..c746321 100644 --- a/usr/local/www/services_dhcpv6_edit.php +++ b/usr/local/www/services_dhcpv6_edit.php 
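Review bot: In services_captiveportal_vouchers.php the hidden `exponent` field on the line after the changed one still prints `<?=$pconfig['exponent'];?>` without escaping, so the form now mixes escaped and raw values. Where `$pconfig['exponent']` is filled is outside this hunk, but if it can be repopulated from a submitted form it deserves the same treatment: `value="<?=htmlspecialchars($pconfig['exponent']);?>"`. The hidden `refid` field in the system_camanager.php hunk at -369 is in the same position.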
@@ -82,8 +82,9 @@ $ifcfgipv6 = get_interface_ipv6($if); $ifcfgsnv6 = get_interface_subnetv6($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php index 3cf2fc3..048ce28 100755 --- a/usr/local/www/services_dnsmasq_domainoverride_edit.php +++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php @@ -45,9 +45,10 @@ if (!is_array($config['dnsmasq']['domainoverrides'])) { } $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_domainOverrides[$id]) { $pconfig['domain'] = $a_domainOverrides[$id]['domain']; diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php index 33a7918..d6e0b61 100755 --- a/usr/local/www/services_dnsmasq_edit.php +++ b/usr/local/www/services_dnsmasq_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['dnsmasq']['hosts'])) $a_hosts = &$config['dnsmasq']['hosts']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_hosts[$id]) { diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php index 09f9e6b..adc6710 100644 --- a/usr/local/www/services_dyndns_edit.php +++ b/usr/local/www/services_dyndns_edit.php 
@@ -56,8 +56,9 @@ if (!is_array($config['dyndnses']['dyndns'])) { $a_dyndns = &$config['dyndnses']['dyndns']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_dyndns[$id])) { diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php index 92fb71b..9d5fda5 100755 --- a/usr/local/www/services_igmpproxy_edit.php +++ b/usr/local/www/services_igmpproxy_edit.php @@ -53,8 +53,9 @@ if (!is_array($config['igmpproxy']['igmpentry'])) //igmpproxy_sort(); $a_igmpproxy = &$config['igmpproxy']['igmpentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_igmpproxy[$id]) { diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index 965940f..ebd977d 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -37,8 +37,9 @@ if (!is_array($config['dnsupdates']['dnsupdate'])) { $a_rfc2136 = &$config['dnsupdates']['dnsupdate']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_rfc2136[$id])) { diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php index ca31048..437e7bcb 100755 --- a/usr/local/www/services_wol_edit.php +++ b/usr/local/www/services_wol_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['wol']['wolentry'])) { } $a_wol = &$config['wol']['wolentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_wol[$id]) { 
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index 2325b3c..5288258 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -188,7 +188,7 @@ $mac_man = load_mac_manufacturer_table(); <?php endif; ?> <form action="status_captiveportal.php" method="get" style="margin: 14px;"> -<input type="hidden" name="order" value="<?=$_GET['order'];?>" /> +<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>" /> <?php if (!empty($cpzone)): ?> <?php if ($_GET['showact']): ?> <input type="hidden" name="showact" value="0" /> @@ -197,7 +197,7 @@ $mac_man = load_mac_manufacturer_table(); <input type="hidden" name="showact" value="1" /> <input type="submit" class="formbtn" value="<?=gettext("Show last activity");?>" /> <?php endif; ?> -<input type="hidden" name="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php endif; ?> </form> <?php include("fend.inc"); ?> diff --git a/usr/local/www/status_captiveportal_expire.php b/usr/local/www/status_captiveportal_expire.php index 048df4d..48d3f05 100644 --- a/usr/local/www/status_captiveportal_expire.php +++ b/usr/local/www/status_captiveportal_expire.php @@ -88,7 +88,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php index 8e7ece7..a0cafbd 100644 --- a/usr/local/www/status_captiveportal_test.php +++ b/usr/local/www/status_captiveportal_test.php 
@@ -90,7 +90,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php index 47da215..f18c9b5 100755 --- a/usr/local/www/status_wireless.php +++ b/usr/local/www/status_wireless.php @@ -89,7 +89,7 @@ display_top_tabs($tab_array); </td></tr> <tr><td> <div id="mainarea" class="tabcont"> -<input type="hidden" name="if" id="if" value="<?php echo $if; ?>"> +<input type="hidden" name="if" id="if" value="<?php echo htmlspecialchars($if); ?>"> <b><input type="submit" name="rescanwifi" id="rescanwifi" value="Rescan"></b><br/><br/> <b><?php echo gettext("Nearby access points or ad-hoc peers"); ?></b> <table class="tabcont sortable" colspan="3" cellpadding="3" width="100%"> diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php index da1aef3..a7b1cee 100644 --- a/usr/local/www/system_advanced_sysctl.php +++ b/usr/local/www/system_advanced_sysctl.php @@ -50,8 +50,9 @@ if (!is_array($config['sysctl']['item'])) $a_tunable = &$config['sysctl']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; 
@@ -257,7 +258,7 @@ include("head.inc"); <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> <?php if (isset($id) && $a_tunable[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index 66b188e..e24e913 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -44,8 +44,9 @@ require_once("auth.inc"); $pgtitle = array(gettext("System"), gettext("Authentication Servers")); $shortcut_section = "authentication"; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['authserver'])) @@ -788,7 +789,7 @@ function select_clicked() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index a659239..0eb743a 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -50,8 +50,9 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Authority Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
@@ -369,7 +370,7 @@ function method_change() { <form action="system_camanager.php" method="post" name="iform" id="iform"> <?php if ($act == "edit"): ?> <input type="hidden" name="edit" value="edit" id="edit" /> - <input type="hidden" name="id" value="<?php echo $id; ?>" id="id" /> + <input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" /> <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" /> <?php endif; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> @@ -577,7 +578,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $a_ca[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 7acc2eb..38993c6 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -56,18 +56,21 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Manager")); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; -if (is_numeric($userid)) { + +if (isset($userid)) { $cert_methods["existing"] = gettext("Choose an existing certificate"); if (!is_array($config['system']['user'])) $config['system']['user'] = array(); $a_user =& $config['system']['user']; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
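Review bot: In the `@@ -369,7 +370,7 @@` hunk of system_camanager.php the `refid` hidden field on the line after the changed one is still printed raw with `echo $pconfig['refid']`, while the `id` field beside it is now escaped. Where `$pconfig['refid']` is filled is outside the hunk; if it can be repopulated from the submitted form it needs the same treatment: `<input type="hidden" name="refid" value="<?php echo htmlspecialchars($pconfig['refid']); ?>" id="refid" />`. Escaping every value at the point of output, regardless of earlier validation, also keeps the template consistent.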
@@ -969,7 +972,7 @@ function internalca_change() { <td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td> <td width="78%" class="vtable"> <?php if (isset($userid) && $a_user): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif;?> <select name='certref' class="formselect"> <?php @@ -1003,7 +1006,7 @@ function internalca_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -1056,7 +1059,7 @@ function internalca_change() { <?php endif; */ ?> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="csr" /> <?php endif;?> </td> diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 3b6bb5f..5d244a1 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -49,8 +49,9 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
@@ -388,7 +389,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $thiscrl): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -419,7 +420,7 @@ function method_change() { <td width="22%" valign="top"> </td> <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="editimported" /> </td> </tr> @@ -637,4 +638,4 @@ method_change(); </script> </body> -</html>
\ No newline at end of file +</html> diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index fadc283..ecab27a 100755 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -55,13 +55,13 @@ $categories = array('down' => gettext("Member Down"), 'downlatency' => gettext("High Latency"), 'downlosslatency' => gettext("Packet Loss or High Latency")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateway_groups[$id]) { $pconfig['name'] = $a_gateway_groups[$id]['name']; @@ -70,7 +70,7 @@ if (isset($id) && $a_gateway_groups[$id]) { $pconfig['trigger'] = $a_gateway_groups[$id]['trigger']; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index b82bb31..4e46a16 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -55,13 +55,13 @@ if (!is_array($config['gateways']['gateway_item'])) $a_gateway_item = &$config['gateways']['gateway_item']; $apinger_default = return_apinger_defaults(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateways[$id]) { $pconfig = array(); 
@@ -86,7 +86,7 @@ if (isset($id) && $a_gateways[$id]) { $pconfig['attribute'] = $a_gateways[$id]['attribute']; } -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); unset($pconfig['attribute']); } diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php index 29f0193..1c20a07 100644 --- a/usr/local/www/system_groupmanager_addprivs.php +++ b/usr/local/www/system_groupmanager_addprivs.php @@ -55,8 +55,9 @@ require("guiconfig.inc"); $pgtitle = array(gettext("System"),gettext("Group manager"),gettext("Add privileges")); -$groupid = $_GET['groupid']; -if (isset($_POST['groupid'])) +if (is_numericint($_GET['groupid'])) + $groupid = $_GET['groupid']; +if (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) $groupid = $_POST['groupid']; $a_group = & $config['system']['group'][$groupid]; @@ -224,7 +225,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($groupid)): ?> - <input name="groupid" type="hidden" value="<?=$groupid;?>" /> + <input name="groupid" type="hidden" value="<?=htmlspecialchars($groupid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index 631fab0..93a0f7c 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php 
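Review bot: In the `@@ -55,8 +55,9 @@` hunk of system_groupmanager_addprivs.php, `$groupid` is now left unset when neither parameter is a numeric integer, yet the following context line still binds `$a_group = & $config['system']['group'][$groupid];`. Taking a reference to a missing array element creates it, so a request with an absent or rejected `groupid` would add an empty-keyed entry to `$config` in memory; whether that is ever written back is not visible here. A guard before the reference, such as `if (!isset($groupid) || !isset($config['system']['group'][$groupid])) { /* redirect to the group list */ exit; }`, would stop the page early. The `@@ -46,8 +46,9 @@` hunk of system_usermanager_addprivs.php has the same shape with `$userid` and `$a_user`.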
@@ -63,13 +63,13 @@ if (!is_array($config['staticroutes']['route'])) $a_routes = &$config['staticroutes']['route']; $a_gateways = return_gateways_array(true, true); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_routes[$id]) { list($pconfig['network'],$pconfig['network_subnet']) = @@ -79,7 +79,7 @@ if (isset($id) && $a_routes[$id]) { $pconfig['disabled'] = isset($a_routes[$id]['disabled']); } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 5cdaae3..719b187 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -53,8 +53,9 @@ require("guiconfig.inc"); // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['user'])) @@ -773,7 +774,7 @@ function sshkeyClicked(obj) { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php index ba5aad9..b93ad9c 100644 --- a/usr/local/www/system_usermanager_addprivs.php +++ b/usr/local/www/system_usermanager_addprivs.php 
@@ -46,8 +46,9 @@ require("guiconfig.inc"); $pgtitle = array("System","User manager","Add privileges"); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; $a_user = & $config['system']['user'][$userid]; @@ -195,7 +196,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($userid)): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php index 4863943..fdb1b8f 100644 --- a/usr/local/www/vpn_ipsec_keys_edit.php +++ b/usr/local/www/vpn_ipsec_keys_edit.php @@ -46,8 +46,9 @@ if (!is_array($config['ipsec']['mobilekey'])) { ipsec_mobilekey_sort(); $a_secret = &$config['ipsec']['mobilekey']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 9d850df..f69cfd3 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php 
@@ -50,17 +50,17 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; -$p1index = $_GET['p1index']; -if (isset($_POST['p1index'])) +if (is_numericint($_GET['p1index'])) + $p1index = $_GET['p1index']; +if (isset($_POST['p1index']) && is_numericint($_GET['p1index'])) $p1index = $_POST['p1index']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p1index = $_GET['dup']; -} if (isset($p1index) && $a_phase1[$p1index]) { // don't copy the ikeid on dup - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['ikeid'] = $a_phase1[$p1index]['ikeid']; $old_ph1ent = $a_phase1[$p1index]; @@ -132,7 +132,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p1index); if ($_POST) { @@ -892,7 +892,7 @@ function dpdchkbox_change() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p1index) && $a_phase1[$p1index]): ?> - <input name="p1index" type="hidden" value="<?=$p1index;?>"/> + <input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>"/> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"/> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index cec02ed..b2643c7 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php 
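Review bot: The POST branch in the `@@ -50,17 +50,17 @@` hunk of vpn_ipsec_phase1.php validates the wrong array: `if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))` checks `$_GET` but assigns `$_POST['p1index']`. A posted `p1index` is therefore accepted unvalidated whenever the query string carries a numeric one, and, depending on how `is_numericint()` treats a missing value, may be ignored when the form is posted without it in the URL. The condition should read `if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))`. The `@@ -51,11 +51,12 @@` hunk of vpn_ipsec_phase2.php has the same slip with `p2index`.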
@@ -51,11 +51,12 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase2 = &$config['ipsec']['phase2']; -$p2index = $_GET['p2index']; -if (isset($_POST['p2index'])) +if (is_numericint($_GET['p2index'])) + $p2index = $_GET['p2index']; +if (isset($_POST['p2index']) && is_numericint($_GET['p2index'])) $p2index = $_POST['p2index']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p2index = $_GET['dup']; if (isset($p2index) && $a_phase2[$p2index]) @@ -99,7 +100,7 @@ else $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p2index); if ($_POST) { @@ -782,7 +783,7 @@ function change_protocol() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p2index) && $a_phase2[$p2index]): ?> - <input name="p2index" type="hidden" value="<?=$p2index;?>"/> + <input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>"/> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"/> diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php index bae2a10..f56298f 100644 --- a/usr/local/www/vpn_l2tp_users_edit.php +++ b/usr/local/www/vpn_l2tp_users_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['l2tp']['user'])) { } $a_secret = &$config['l2tp']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index c692959..bc4dfea 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php 
@@ -60,8 +60,9 @@ if (!is_array($config['crl'])) $a_crl =& $config['crl']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -922,7 +923,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/> <input name="act" type="hidden" value="<?=$act;?>"/> <?php if (isset($id) && $a_client[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"/> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"/> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index 0d12dfb..aebea01 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php @@ -45,8 +45,9 @@ if (!is_array($config['openvpn']['openvpn-csc'])) $a_csc = &$config['openvpn']['openvpn-csc']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -660,7 +661,7 @@ function netbios_change() { <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/> <input name="act" type="hidden" value="<?=$act;?>"/> <?php if (isset($id) && $a_csc[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"/> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"/> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4b47b3c..90e2b47 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php 
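Review bot: In the `@@ -922,7 +923,7 @@` hunk of vpn_openvpn_client.php the `act` hidden field directly above the changed line is still emitted as `value="<?=$act;?>"`, and the first hunk of the same file shows `$act = $_GET['act'];` with no validation. That leaves a request-supplied string printed unescaped into an attribute on the same form whose `id` field was just fixed. It should become `<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>"/>`, or `$act` should be checked against the fixed set of actions the page handles before it is used. The same `act` line appears in the `@@ -660,7 +661,7 @@` hunk of vpn_openvpn_csc.php and the `@@ -1672,7 +1673,7 @@` hunk of vpn_openvpn_server.php.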
@@ -61,8 +61,9 @@ foreach ($a_crl as $cid => $acrl) if (!isset($acrl['refid'])) unset ($a_crl[$cid]); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -1672,7 +1673,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/> <input name="act" type="hidden" value="<?=$act;?>"/> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php index e5e6403..b667da7 100755 --- a/usr/local/www/vpn_pppoe_edit.php +++ b/usr/local/www/vpn_pppoe_edit.php @@ -60,9 +60,10 @@ if (!is_array($config['pppoes']['pppoe'])) { } $a_pppoes = &$config['pppoes']['pppoe']; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_pppoes[$id]) { $pppoecfg =& $a_pppoes[$id]; diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index e058442..4d2acd3 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['pptpd']['user'])) { } $a_secret = &$config['pptpd']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { |