author | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:48:15 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:53:21 -0300 |
commit | 4cc342453cce69fc8da06ff22bbe79aadb7bd4df (patch) | |
tree | 07225d3243c7bdb170bde55d71c6c1f567e33cc6 /etc | |
parent | cbf16c3020be196a8d3798761bda0b545a6bca3d (diff) | |
Add some protection to parameters that come through _GET
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/service-utils.inc | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc
index 0e9009b..7b78f5f 100644
--- a/etc/inc/service-utils.inc
+++ b/etc/inc/service-utils.inc
@@ -515,7 +515,7 @@ function service_control_start($name, $extras) {
 services_radvd_configure();
 break;
 case 'captiveportal':
- $zone = $extras['zone'];
+ $zone = htmlspecialchars($extras['zone']);
 captiveportal_init_webgui_zonename($zone);
 break;
 case 'ntpd':
@@ -550,9 +550,9 @@ function service_control_start($name, $extras) {
 vpn_ipsec_force_reload();
 break;
 case 'openvpn':
- $vpnmode = isset($extras['vpnmode']) ? $extras['vpnmode'] : $extras['mode'];
+ $vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']);
 if (($vpnmode == "server") || ($vpnmode == "client")) {
- $id = isset($extras['vpnid']) ? $extras['vpnid'] : $extras['id'];
+ $id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']);
 $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
 if (file_exists($configfile))
 openvpn_restart_by_vpnid($vpnmode, $id);
@@ -574,7 +574,7 @@ function service_control_stop($name, $extras) {
 killbypid("{$g['varrun_path']}/radvd.pid");
 break;
 case 'captiveportal':
- $zone = $extras['zone'];
+ $zone = htmlspecialchars($extras['zone']);
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid");
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid");
 break;
@@ -618,9 +618,9 @@ function service_control_stop($name, $extras) {
 exec("killall -9 racoon");
 break;
 case 'openvpn':
- $vpnmode = $extras['vpnmode'];
+ $vpnmode = htmlspecialchars($extras['vpnmode']);
 if (($vpnmode == "server") or ($vpnmode == "client")) {
- $id = $extras['id'];
+ $id = htmlspecialchars($extras['id']);
 $pidfile = "{$g['varrun_path']}/openvpn_{$vpnmode}{$id}.pid";
 killbypid($pidfile);
 }
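Review bot: `htmlspecialchars()` is an HTML output encoder and does not constrain a value that is about to become part of a file name, so `$zone` in this `captiveportal` case still reaches `captiveportal_init_webgui_zonename()` with `/` and `.` unchanged (and, with the default flags of PHP versions before 8.1, single quotes too). The same holds for the `captiveportal` cases in `service_control_stop()` and `service_control_restart()`, where `$zone` is interpolated into the pid-file paths handed to `killbypid()`. Validate the value instead of encoding it, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $extras['zone'])) break;` before the assignment, or check that it names a configured zone; the allowed character set is an assumption to confirm against how zones are named. The enclosing function starts and ends outside the hunk.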
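Review bot: `$id` in the `openvpn` case is interpolated into `$configfile` and passed to `openvpn_restart_by_vpnid()`, and HTML-encoding leaves path characters such as `/` and `..` intact, so it needs a type check rather than `htmlspecialchars()`. If the VPN id is always an integer (presumably, to confirm), keeping `$id = isset($extras['vpnid']) ? $extras['vpnid'] : $extras['id'];` and following it with `if (!ctype_digit((string)$id)) break;` rejects everything else. The call on `$vpnmode` adds nothing, because the comparison on the next line already accepts only "server" or "client". The `openvpn` cases in the hunks at -618 and -679 follow the same pattern.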
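Review bot: The `openvpn` case of `service_control_stop()` reads only `$extras['vpnmode']` and `$extras['id']`, while `service_control_start()` falls back from `vpnmode` to `mode` and from `vpnid` to `id`; the `openvpn` case of `service_control_restart()` has the same narrower lookup. If callers may send either key (not visible in this diff), a request that start accepts leaves `$vpnmode` empty here and the stop is silently skipped. Using the same lookup in all three, `$vpnmode = isset($extras['vpnmode']) ? $extras['vpnmode'] : $extras['mode'];` and likewise for the id, would keep them in agreement and give one place to validate the values.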
@@ -641,7 +641,7 @@ function service_control_restart($name, $extras) {
 services_radvd_configure();
 break;
 case 'captiveportal':
- $zone = $extras['zone'];
+ $zone = htmlspecialchars($extras['zone']);
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal.pid");
 killbypid("{$g['varrun_path']}/lighty-{$zone}-CaptivePortal-SSL.pid");
 captiveportal_init_webgui_zonename($zone);
@@ -679,9 +679,9 @@ function service_control_restart($name, $extras) {
 vpn_ipsec_force_reload();
 break;
 case 'openvpn':
- $vpnmode = $extras['vpnmode'];
+ $vpnmode = htmlspecialchars($extras['vpnmode']);
 if ($vpnmode == "server" || $vpnmode == "client") {
- $id = $extras['id'];
+ $id = htmlspecialchars($extras['id']);
 $configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
 if (file_exists($configfile))
 openvpn_restart_by_vpnid($vpnmode, $id); |