authorRenato Botelho <renato@netgate.com>2016-09-20 07:16:31 -0300
committerRenato Botelho <renato@netgate.com>2016-09-20 07:16:40 -0300
commit353729379264fdbdf0ba209634647ce645ffc89d (patch)
tree9c015f299609b18288ee903639fce879c194fe01
parent8117e7fb126285060d6c2dcab4eff84a204b6d1b (diff)
Sanitize 'zone' parameter on CP pages
-rw-r--r--src/usr/local/www/services_captiveportal_filemanager.php2
-rw-r--r--src/usr/local/www/services_captiveportal_hostname.php2
-rw-r--r--src/usr/local/www/services_captiveportal_hostname_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_ip.php2
-rw-r--r--src/usr/local/www/services_captiveportal_ip_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_mac.php2
-rw-r--r--src/usr/local/www/services_captiveportal_mac_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_vouchers.php2
-rw-r--r--src/usr/local/www/services_captiveportal_vouchers_edit.php2
-rw-r--r--src/usr/local/www/services_captiveportal_zones.php2
-rw-r--r--src/usr/local/www/services_captiveportal_zones_edit.php2
11 files changed, 11 insertions, 11 deletions
diff --git a/src/usr/local/www/services_captiveportal_filemanager.php b/src/usr/local/www/services_captiveportal_filemanager.php
index 82acfdb..1f4e93e 100644
--- a/src/usr/local/www/services_captiveportal_filemanager.php
+++ b/src/usr/local/www/services_captiveportal_filemanager.php
@@ -52,7 +52,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone)) {
header("Location: services_captiveportal_zones.php");
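Review bot: `htmlspecialchars()` is an HTML output encoder, so applying it to `$cpzone` at input time in the added line does not establish that the value names a configured zone, and the only guard visible after it in this file is `empty($cpzone)`. I would validate the value the way the sibling pages do, e.g. `if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {`, and keep escaping at each point where the value is printed. Called without flags, `htmlspecialchars()` leaves single quotes unescaped on PHP releases before 8.1, so any single-quoted attribute or script context that prints `$cpzone` still needs `ENT_QUOTES` or context-specific encoding. The same applies to the identical change in the hostname, hostname_edit, ip, ip_edit, mac, mac_edit, vouchers, vouchers_edit and zones pages; in hostname_edit and vouchers no existence check is visible inside the hunk. The rest of each script lies outside the hunks, so later checks may exist.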
diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php
index a4e46b0..6c2af91 100644
--- a/src/usr/local/www/services_captiveportal_hostname.php
+++ b/src/usr/local/www/services_captiveportal_hostname.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_hostname_edit.php b/src/usr/local/www/services_captiveportal_hostname_edit.php
index 6d8102d..cabc214 100644
--- a/src/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/src/usr/local/www/services_captiveportal_hostname_edit.php
@@ -47,7 +47,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
$cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];
diff --git a/src/usr/local/www/services_captiveportal_ip.php b/src/usr/local/www/services_captiveportal_ip.php
index b09cc94..9487ba5 100644
--- a/src/usr/local/www/services_captiveportal_ip.php
+++ b/src/usr/local/www/services_captiveportal_ip.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_ip_edit.php b/src/usr/local/www/services_captiveportal_ip_edit.php
index c014e86..daed6da 100644
--- a/src/usr/local/www/services_captiveportal_ip_edit.php
+++ b/src/usr/local/www/services_captiveportal_ip_edit.php
@@ -51,7 +51,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php
index 0c7b058..193cffb 100644
--- a/src/usr/local/www/services_captiveportal_mac.php
+++ b/src/usr/local/www/services_captiveportal_mac.php
@@ -44,7 +44,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac_edit.php b/src/usr/local/www/services_captiveportal_mac_edit.php
index 0fba378..270daf3 100644
--- a/src/usr/local/www/services_captiveportal_mac_edit.php
+++ b/src/usr/local/www/services_captiveportal_mac_edit.php
@@ -54,7 +54,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php
index 5bb2b3d..4ce7982 100644
--- a/src/usr/local/www/services_captiveportal_vouchers.php
+++ b/src/usr/local/www/services_captiveportal_vouchers.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if ($_REQUEST['generatekey']) {
exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private");
diff --git a/src/usr/local/www/services_captiveportal_vouchers_edit.php b/src/usr/local/www/services_captiveportal_vouchers_edit.php
index c7eebc8..3912e74 100644
--- a/src/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/src/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -38,7 +38,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone'])) {
$cpzone = $_POST['zone'];
}
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_zones.php b/src/usr/local/www/services_captiveportal_zones.php
index 8014ca8..2a9fc67 100644
--- a/src/usr/local/www/services_captiveportal_zones.php
+++ b/src/usr/local/www/services_captiveportal_zones.php
@@ -41,7 +41,7 @@ if (!is_array($config['captiveportal'])) {
$a_cp = &$config['captiveportal'];
if ($_GET['act'] == "del" && !empty($_GET['zone'])) {
- $cpzone = htmlspecialchars($_GET['zone']);
+ $cpzone = strtolower(htmlspecialchars($_GET['zone']));
if ($a_cp[$cpzone]) {
$cpzoneid = $a_cp[$cpzone]['zoneid'];
unset($a_cp[$cpzone]['enable']);
diff --git a/src/usr/local/www/services_captiveportal_zones_edit.php b/src/usr/local/www/services_captiveportal_zones_edit.php
index 4ad1013..824143c 100644
--- a/src/usr/local/www/services_captiveportal_zones_edit.php
+++ b/src/usr/local/www/services_captiveportal_zones_edit.php
@@ -62,7 +62,7 @@ if ($_POST) {
}
if (!$input_errors) {
- $cpzone = strtolower($_POST['zone']);
+ $cpzone = strtolower(htmlspecialchars($_POST['zone']);
$a_cp[$cpzone] = array();
$a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']);
$a_cp[$cpzone]['descr'] = $_POST['descr'];
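Review bot: The added line `$cpzone = strtolower(htmlspecialchars($_POST['zone']);` is missing a closing parenthesis, so the file will not parse and the zone edit page fails outright; it should read `$cpzone = strtolower(htmlspecialchars($_POST['zone']));`. Separately, the array key is now built from the HTML-escaped name while `$a_cp[$cpzone]['zone']` two lines below stores the raw `$_POST['zone']` with only spaces stripped, so a name containing `&`, `<`, `>` or `"` would be keyed differently from its stored `zone` value. If the validation that fills `$input_errors` (outside this hunk) already restricts the name to a safe character set, the escape changes nothing and the stored value is fine; otherwise both should be derived from one validated value.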