author | Scott Ullrich <sullrich@pfsense.org> | 2009-08-20 21:45:39 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2009-08-20 21:45:39 -0400 |
commit | 990a271cb6baf3a4435fa6d2c43973fb28aa2302 (patch) | |
tree | f7c9ce794d16ff38d2fc0ce8501719f6084feea8 | |
parent | 2a778c444d279be60caf7df696e0f07acdbdd309 (diff) | |
Make sure entered # is an integer and use htmlspecialchars()
-rwxr-xr-x | usr/local/www/services_dhcp.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index d21fc3a..1e94ced 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -299,9 +299,11 @@ if ($_POST) {
 $numbervalue = array();
 unset($config['dhcpd'][$if]['numberoptions']['item']);
 for($x=0; $x<isset($_POST["number{$x}"]); $x++) {
- $numbervalue['number'] = $_POST["number{$x}"];
- $numbervalue['value'] = $_POST["value{$x}"];
- $config['dhcpd'][$if]['numberoptions']['item'][] = $numbervalue;
+ if(is_int($_POST["number{$x}"])) {
+ $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]);
+ $numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]);
+ $config['dhcpd'][$if]['numberoptions']['item'][] = $numbervalue;
+ }
 }
 $pconfig['numberoptions'] = $config['dhcpd'][$if]['numberoptions']; |
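Review bot: The added guard `is_int($_POST["number{$x}"])` can never be true, because request values arrive as strings, so after this change no number option is saved at all; validate the string instead, e.g. `if (ctype_digit((string)$_POST["number{$x}"])) {`, ideally with a range check for valid DHCP option codes. The two `htmlspecialchars()` calls encode at storage time, so a `"` or `&` in an option value is kept in `$config` as an entity, and that does nothing for any non-HTML reader of the config (presumably the DHCP server configuration is generated from it); store the validated raw value and escape where the page prints it. The loop condition `$x<isset(...)` on the context line compares a counter with a boolean and appears to stop after the first row, which is worth a separate look. The enclosing `if ($_POST)` block starts and ends outside the hunk.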