summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2010-11-10 09:49:21 -0500
committerScott Ullrich <sullrich@pfsense.org>2010-11-10 09:49:47 -0500
commitdaab67a170ddf38a76605e32a56874780e82b62d (patch)
tree66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54
parentf0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff)
downloadpfsense-daab67a170ddf38a76605e32a56874780e82b62d.zip
pfsense-daab67a170ddf38a76605e32a56874780e82b62d.tar.gz
Fix misc XSS issues from davey b
-rwxr-xr-xusr/local/www/diag_logs.php4
-rwxr-xr-xusr/local/www/diag_logs_filter.php4
-rwxr-xr-xusr/local/www/diag_logs_vpn.php4
-rwxr-xr-xusr/local/www/firewall_shaper.php10
-rw-r--r--usr/local/www/firewall_shaper_vinterface.php14
-rwxr-xr-xusr/local/www/status_dhcp_leases.php2
-rwxr-xr-xusr/local/www/status_services.php6
7 files changed, 22 insertions, 22 deletions
diff --git a/usr/local/www/diag_logs.php b/usr/local/www/diag_logs.php
index 145d480..35b6231 100755
--- a/usr/local/www/diag_logs.php
+++ b/usr/local/www/diag_logs.php
@@ -54,10 +54,10 @@ if ($_POST['clear'])
clear_log_file($system_logfile);
if ($_GET['filtertext'])
- $filtertext = $_GET['filtertext'];
+ $filtertext = htmlspecialchars($_GET['filtertext']);
if ($_POST['filtertext'])
- $filtertext = $_POST['filtertext'];
+ $filtertext = htmlspecialchars($_POST['filtertext']);
if ($filtertext)
$filtertextmeta="?filtertext=$filtertext";
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index 02b2591..025a7a3 100755
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -73,9 +73,9 @@ if($_GET['dnsip'] or $_POST['dnsip']) {
$filtertext = "";
if($_GET['filtertext'] or $_POST['filtertext']) {
if($_GET['filtertext'])
- $filtertext = $_GET['filtertext'];
+ $filtertext = htmlspecialchars($_GET['filtertext']);
if($_POST['filtertext'])
- $filtertext = $_POST['filtertext'];
+ $filtertext = htmlspecialchars($_POST['filtertext']);
}
$filter_logfile = "{$g['varlog_path']}/filter.log";
diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php
index 36bdb58..adef3e1 100755
--- a/usr/local/www/diag_logs_vpn.php
+++ b/usr/local/www/diag_logs_vpn.php
@@ -49,8 +49,8 @@ $nentries = $config['syslog']['nentries'];
if (!$nentries)
$nentries = 50;
-$vpntype = ($_GET['vpntype']) ? $_GET['vpntype'] : "pptp";
-$mode = ($_GET['mode']) ? $_GET['mode'] : "login";
+$vpntype = (htmlspecialchars($_GET['vpntype'])) ? htmlspecialchars($_GET['vpntype']) : "pptp";
+$mode = (htmlspecialchars($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : "login";
if ($_POST['clear'])
clear_log_file("/var/log/vpn.log");
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php
index 7de18d1..f3cdbab 100755
--- a/usr/local/www/firewall_shaper.php
+++ b/usr/local/www/firewall_shaper.php
@@ -65,17 +65,17 @@ if ($_GET) {
if ($_GET['queue'])
$qname = trim($_GET['queue']);
if ($_GET['interface'])
- $interface = trim($_GET['interface']);
+ $interface = htmlspecialchars(trim($_GET['interface']));
if ($_GET['action'])
- $action = $_GET['action'];
+ $action = htmlspecialchars($_GET['action']);
}
if ($_POST) {
if ($_POST['name'])
- $qname = trim($_POST['name']);
+ $qname = htmlspecialchars(trim($_POST['name']));
if ($_POST['interface'])
- $interface = trim($_POST['interface']);
+ $interface = htmlspecialchars(trim($_POST['interface']));
if ($_POST['parentqueue'])
- $parentqueue = trim($_POST['parentqueue']);
+ $parentqueue = htmlspecialchars(trim($_POST['parentqueue']));
}
if ($interface) {
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index 52f8698..865f048 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -62,21 +62,21 @@ read_dummynet_config();
if ($_GET) {
if ($_GET['queue'])
- $qname = trim($_GET['queue']);
+ $qname = htmlspecialchars(trim($_GET['queue']));
if ($_GET['pipe'])
- $pipe = trim($_GET['pipe']);
+ $pipe = htmlspecialchars(trim($_GET['pipe']));
if ($_GET['action'])
- $action = $_GET['action'];
+ $action = htmlspecialchars($_GET['action']);
}
if ($_POST) {
if ($_POST['name'])
- $qname = trim($_POST['name']);
+ $qname = htmlspecialchars(trim($_POST['name']));
if ($_POST['pipe'])
- $pipe = trim($_POST['pipe']);
+ $pipe = htmlspecialchars(trim($_POST['pipe']));
else
- $pipe = trim($_POST['name']);
+ $pipe = htmlspecialchars(trim($_POST['name']));
if ($_POST['parentqueue'])
- $parentqueue = trim($_POST['parentqueue']);
+ $parentqueue = htmlspecialchars(trim($_POST['parentqueue']));
}
if ($pipe) {
diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php
index f7981c8..dd2a0db 100755
--- a/usr/local/www/status_dhcp_leases.php
+++ b/usr/local/www/status_dhcp_leases.php
@@ -393,7 +393,7 @@ foreach ($leases as $data) {
</table>
<p>
<form action="status_dhcp_leases.php" method="GET">
-<input type="hidden" name="order" value="<?=$_GET['order'];?>">
+<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>">
<?php if ($_GET['all']): ?>
<input type="hidden" name="all" value="0">
<input type="submit" class="formbtn" value="<?=gettext("Show active and static leases only"); ?>">
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 97aa1ce..779e396 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -104,7 +104,7 @@ if($_GET['mode'] == "restartservice" and !empty($_GET['service'])) {
restart_service($_GET['service']);
break;
}
- $savemsg = sprintf(gettext("%s has been restarted."),$_GET['service']);
+ $savemsg = sprintf(gettext("%s has been restarted."),htmlspecialchars($_GET['service']));
sleep(5);
}
@@ -148,7 +148,7 @@ if($_GET['mode'] == "startservice" and !empty($_GET['service'])) {
start_service($_GET['service']);
break;
}
- $savemsg = sprintf(gettext("%s has been started."),$_GET['service']);
+ $savemsg = sprintf(gettext("%s has been started."),htmlspecialchars($_GET['service']));
sleep(5);
}
@@ -203,7 +203,7 @@ if($_GET['mode'] == "stopservice" && !empty($_GET['service'])) {
stop_service($_GET['service']);
break;
}
- $savemsg = sprintf(gettext("%s has been stopped."), $_GET['service']);
+ $savemsg = sprintf(gettext("%s has been stopped."), htmlspecialchars($_GET['service']));
sleep(5);
}
OpenPOWER on IntegriCloud