author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-06 12:15:01 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-06 12:15:01 -0400 |
commit | 50b2f6ab4c4bf786ea6921c16d7df569607b624a (patch) | |
tree | ca4c3a83eccc320482a8459584c337a6beb1acd7 | |
parent | c62d973d7d55db1ede92f93ceb61242dfe43b106 (diff) | |
Ensure that we are working with a proper passed interface..
-rwxr-xr-x | usr/local/www/status_graph.php | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php
index ddcfd2d..6397d75 100755
--- a/usr/local/www/status_graph.php
+++ b/usr/local/www/status_graph.php
@@ -54,10 +54,25 @@ if ($_POST['height'])
 else
 $height = "200";
-if ($_GET['if'])
+$ifdescrs = array('wan' => gettext('WAN'), 'lan' => gettext('LAN'));
+
+for($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr'];
+}
+
+if ($_GET['if']) {
 $curif = $_GET['if'];
-else
+ $found = false;
+ foreach($ifdescrs as $descr => $ifdescr)
+ if($descr == $curif) $found = true;
+ if(!$found) {
+ Header("Location: status_graph.php");
+ exit;
+ }
+} else {
 $curif = "wan";
+}
 $pgtitle = array(gettext("Status"),gettext("Traffic Graph"));
@@ -72,7 +87,7 @@ include("head.inc");
 <script language="javascript" type="text/javascript">
 function updateBandwidth(){
- var hostinterface = "<?php echo $curif; ?>";
+ var hostinterface = "<?php echo htmlspecialchars($curif); ?>";
 bandwidthAjax(hostinterface);
 }
@@ -149,12 +164,6 @@ function updateBandwidthHosts(data){
 <?php include("fbegin.inc"); ?>
 <?php
-$ifdescrs = array('wan' => gettext('WAN'), 'lan' => gettext('LAN'));
-
-for($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
- if(isset($config['interfaces']['opt' . $j]['enable']))
- $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr'];
-}
 /* link the ipsec interface magically */
 if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
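Review bot: The new allow-list check on `$_GET['if']` runs against `$ifdescrs` before the list is complete, because the `/* link the ipsec interface magically */` block stays further down the file (see the third hunk). Any entry that block adds, presumably the IPsec interface, would still be offered in the interface selector but rejected here with a redirect to the default view. Either move that block up with the rest of the list or run the validation after it. The `foreach` with a loose `==` can also be replaced by a direct key test that rejects array input too: `$found = is_string($curif) && array_key_exists($curif, $ifdescrs);`. This is top-level script code, and the `$height` handling it follows starts outside the hunk.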
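Review bot: In `updateBandwidth()` the value is written into a JavaScript string literal, but `htmlspecialchars()` is an HTML encoder and does not fit that context. It leaves backslashes and line breaks untouched, and the entities it emits are not decoded inside a `<script>` block. The allow-list check added earlier in this commit constrains the value, so this is defence in depth, but the encoder should match the context: `var hostinterface = <?php echo json_encode($curif); ?>;` (json_encode supplies the quotes). The surrounding `<script>` block continues outside the hunk.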
@@ -179,8 +188,8 @@ foreach ($ifdescrs as $ifn => $ifd) {
 <p>
 <div id="niftyOutter">
 <div id="col1" style="float: left; width: 46%; padding: 5px; position: relative;">
- <object data="graph.php?ifnum=<?=$curif;?>&ifname=<?=rawurlencode($ifdescrs[$curif]);?>" type="image/svg+xml" width="<?=$width;?>" height="<?=$height;?>">
- <param name="src" value="graph.php?ifnum=<?=$curif;?>&ifname=<?=rawurlencode($ifdescrs[$curif]);?>" />
+ <object data="graph.php?ifnum=<?=htmlspecialchars($curif);?>&ifname=<?=rawurlencode($ifdescrs[htmlspecialchars($curif)]);?>" type="image/svg+xml" width="<?=$width;?>" height="<?=$height;?>">
+ <param name="src" value="graph.php?ifnum=<?=htmlspecialchars($curif);?>&ifname=<?=rawurlencode($ifdescrs[htmlspecialchars($curif)]);?>" />
 <?=gettext("Your browser does not support the type SVG! You need to either use Firefox or download the Adobe SVG plugin"); ?>.
 </object>
 </div> |
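Review bot: `width="<?=$width;?>"` and `height="<?=$height;?>"` on the new `<object>` line are still written into attributes unencoded, and the context of the first hunk suggests `$height` (and presumably `$width`) comes from `$_POST`. Cast them where they are assigned, e.g. `$height = (int)$_POST['height'];`, or wrap the output in `htmlspecialchars()`. Separately, `$ifdescrs[htmlspecialchars($curif)]` applies an output encoder to an array key used for lookup; index with the raw validated key, `$ifdescrs[$curif]`. For the `ifnum` query value inside the attribute, URL-encode first and then HTML-encode: `htmlspecialchars(rawurlencode($curif))`. The markup and the `foreach` named in the hunk header continue outside the hunk.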