author | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:48:15 -0300 |
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:48:15 -0300 |
commit | 2f9951fe0e401ed231d61b8c3ad75531a6dbb797 (patch) | |
tree | 35636bfeca764404c8331acd9b543d873ab85023 | |
parent | 1c52509cabc014ca55e07548338b3990bfc2ace9 (diff) | |
Add some protection to parameters that come through _GET
-rw-r--r-- | etc/inc/service-utils.inc | 18 | ||||
-rwxr-xr-x | usr/local/www/status_services.php | 12 |
2 files changed, 17 insertions, 13 deletions
diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc
index 7c05176..362af4d 100644
--- a/etc/inc/service-utils.inc
+++ b/etc/inc/service-utils.inc
@@ -515,7 +515,7 @@ function service_control_start($name, $extras) {
 services_radvd_configure();
 break;
 case 'captiveportal':
- $zone = $extras['zone'];
+ $zone = htmlspecialchars($extras['zone']);
 captiveportal_init_webgui_zonename($zone);
 break;
 case 'ntpd':
@@ -553,9 +553,9 @@ function service_control_start($name, $extras) {
 send_event("service restart sshd");
 break;
 case 'openvpn':
- $vpnmode = isset($extras['vpnmode']) ? $extras['vpnmode'] : $extras['mode'];
+ $vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']);
 if (($vpnmode == "server") || ($vpnmode == "client")) {
- $id = isset($extras['vpnid']) ? $extras['vpnid'] : $extras['id'];
+ $id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']);
 $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
 if (file_exists($configfile))
 openvpn_restart_by_vpnid($vpnmode, $id);
@@ -577,7 +577,7 @@ function service_control_stop($name, $extras) {
 killbypid("{$g['varrun_path']}/radvd.pid");
 break;
 case 'captiveportal':
- $zone = $extras['zone'];
+ $zone = htmlspecialchars($extras['zone']);
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid");
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid");
 break;
@@ -624,9 +624,9 @@ function service_control_stop($name, $extras) {
 exec("/usr/local/sbin/ipsec stop");
 break;
 case 'openvpn':
- $vpnmode = $extras['vpnmode'];
+ $vpnmode = htmlspecialchars($extras['vpnmode']);
 if (($vpnmode == "server") or ($vpnmode == "client")) {
- $id = $extras['id'];
+ $id = htmlspecialchars($extras['id']);
 $pidfile = "{$g['varrun_path']}/openvpn_{$vpnmode}{$id}.pid";
 killbypid($pidfile);
 }
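Review bot: htmlspecialchars() on the added `$zone` line in service_control_start() is output encoding, not input validation: it rewrites only `&`, `<`, `>` and quotes, so a zone such as `../x` or one containing a NUL byte reaches captiveportal_init_webgui_zonename() unchanged. What this spot needs is a shape check before the value is used, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $extras['zone'])) break;` with the character class matched to whatever zone names are actually allowed to contain, or better a lookup against the configured zones if that list is reachable here (not visible in this hunk). service_control_start() begins before the hunk and continues past it.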
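Review bot: On the added `$id` line the escaped value is spliced into `$configfile` and then handed to openvpn_restart_by_vpnid(); htmlspecialchars() leaves `/`, `.` and NUL untouched, so the file_exists() test two lines later is the only thing between a crafted vpnid and the filesystem. Since the id selects a `{$vpnmode}{$id}.conf` file it is presumably an integer, so reject anything else up front: `$id = isset($extras['vpnid']) ? $extras['vpnid'] : $extras['id']; if (!ctype_digit((string)$id)) break;`. `$vpnmode` is fine as written because it is compared against the two fixed strings on the next line. The enclosing function continues outside the hunk.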
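Review bot: In service_control_stop() the `$zone` value goes straight into two pid-file paths passed to killbypid() with no existence or format check, and htmlspecialchars() does nothing against `..` or `/`, so a zone of `../../somewhere` still makes killbypid() open a path outside `varrun_path` (what killbypid() then does with the contents is not visible here). Validate the zone before building the paths: `if (!preg_match('/^[a-zA-Z0-9_]+$/', $extras['zone'])) break; $zone = $extras['zone'];`. The function continues past the end of the hunk.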
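Review bot: The openvpn stop path has the same gap as the start path: `$id` is only HTML-escaped before being interpolated into `$pidfile` for killbypid(), and here there is not even a file_exists() guard in front of it. Vpn ids are presumably numeric, so `if (!ctype_digit((string)$extras['id'])) break;` before the assignment closes the hole. `$vpnmode` is safe because the following line compares it against the two fixed strings. service_control_stop() continues beyond the hunk.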
@@ -648,7 +648,7 @@ function service_control_restart($name, $extras) {
 services_radvd_configure();
 break;
 case 'captiveportal':
- $zone = $extras['zone'];
+ $zone = htmlspecialchars($extras['zone']);
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid");
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid");
 captiveportal_init_webgui_zonename($zone);
@@ -692,9 +692,9 @@ function service_control_restart($name, $extras) {
 send_event("service restart sshd");
 break;
 case 'openvpn':
- $vpnmode = $extras['vpnmode'];
+ $vpnmode = htmlspecialchars($extras['vpnmode']);
 if ($vpnmode == "server" || $vpnmode == "client") {
- $id = $extras['id'];
+ $id = htmlspecialchars($extras['id']);
 $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
 if (file_exists($configfile))
 openvpn_restart_by_vpnid($vpnmode, $id);
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 48f9db4..c08f773 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -41,16 +41,20 @@
 require_once("guiconfig.inc");
 require_once("service-utils.inc");
 require_once("shortcuts.inc");
-if (!empty($_GET['service'])) {
+$service_name = '';
+if (isset($_GET['service']))
+$service_name = htmlspecialchars($_GET['service']);
+
+if (!empty($service_name)) {
 switch ($_GET['mode']) {
 case "restartservice":
- $savemsg = service_control_restart($_GET['service'], $_GET);
+ $savemsg = service_control_restart($service_name, $_GET);
 break;
 case "startservice":
- $savemsg = service_control_start($_GET['service'], $_GET);
+ $savemsg = service_control_start($service_name, $_GET);
 break;
 case "stopservice":
- $savemsg = service_control_stop($_GET['service'], $_GET);
+ $savemsg = service_control_stop($service_name, $_GET);
 break;
 }
 sleep(5);
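Review bot: In service_control_restart() the `$zone` line feeds two pid-file paths for killbypid() and then captiveportal_init_webgui_zonename(), and htmlspecialchars() rejects none of `..`, `/` or NUL, so it is not the right control for a filesystem path component. Replace the escape with a shape check: `if (!preg_match('/^[a-zA-Z0-9_]+$/', $extras['zone'])) break; $zone = $extras['zone'];`, with the character class adjusted to the zone-name rules enforced elsewhere in the project (not visible here). The function starts before and ends after this hunk.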
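Review bot: The `$id` line in service_control_restart() needs the same numeric check as the start and stop paths, `if (!ctype_digit((string)$extras['id'])) break;`, because htmlspecialchars() keeps path characters intact and file_exists() on `{$vpnmode}{$id}.conf` is the only guard before openvpn_restart_by_vpnid(). `$vpnmode` is already constrained by the comparison on the following line. The enclosing function continues outside the hunk.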
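Review bot: `$service_name` is HTML-escaped but never validated, and `$_GET` is still forwarded whole as `$extras` to the three service_control_*() calls, so every per-field check has to live inside those functions; the escape on the name itself is harmless only because the other hunks show it being matched against fixed `case` labels. A whitelist of accepted service names checked before the switch, e.g. `if (!in_array($service_name, $known_services, true)) $service_name = '';` against whatever list the page already renders, would be the real protection here. Separately, start, stop and restart are state-changing actions driven by a GET request; unless guiconfig.inc enforces a CSRF token on GET (not visible here), a cross-site `<img>` pointing at `status_services.php?mode=stopservice&service=...` can stop a service, so consider requiring POST with a token for these three modes. The `switch ($_GET['mode'])` also has no `default`, so an unknown mode silently falls through to the `sleep(5)` below.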