diff options
| author | Ermal <eri@pfsense.org> | 2013-01-21 21:08:59 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2013-01-21 21:08:59 +0000 |
| commit | 09294e847f1216b843d7199b611428adcf5072e4 (patch) | |
| tree | a8e2321742e2a6309f057977413295412af50236 | |
| parent | ed97b2cb72a945a1a6aa91b4ba244bad830eea04 (diff) | |
| download | pfsense-09294e847f1216b843d7199b611428adcf5072e4.zip pfsense-09294e847f1216b843d7199b611428adcf5072e4.tar.gz | |
Validate the cpzone parameter passed that it actually is a valid zone
| -rwxr-xr-x | usr/local/captiveportal/index.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 28931a4..35a2cd3 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -46,6 +46,12 @@ header("Connection: close"); $cpzone = $_REQUEST['zone']; $cpcfg = $config['captiveportal'][$cpzone]; +if (empty($cpcfg)) { + log_error("Submission to captiveportal with unkown parameter zone: " . htmlspecialchars($cpzone)); + portal_reply_page($redirurl, "error", $errormsg); + ob_flush(); + return; +} $orig_host = $_ENV['HTTP_HOST']; /* NOTE: IE 8/9 is buggy and that is why this is needed */ |
