author | jim-p <jimp@pfsense.org> | 2016-12-17 23:01:33 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-12-17 23:01:33 -0500 |
commit | ac90c9012453c7e81ff0d0b472a55b116866c56e (patch) | |
tree | 687c824a7da124d654907d14d4a9ef49eec9bd8f /src/usr/local/www/status_captiveportal_test.php | |
parent | 07c812a56fa7a4418b94f4b0858a1b9169023f0b (diff) | |
Fix up validation and encoding on Captive Portal status pages. Fixes #7019
Diffstat (limited to 'src/usr/local/www/status_captiveportal_test.php')
-rw-r--r-- | src/usr/local/www/status_captiveportal_test.php | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/usr/local/www/status_captiveportal_test.php b/src/usr/local/www/status_captiveportal_test.php
index 13363af..5e185b5 100644
--- a/src/usr/local/www/status_captiveportal_test.php
+++ b/src/usr/local/www/status_captiveportal_test.php
@@ -40,17 +40,21 @@ if (isset($_POST['zone'])) {
 }
 $cpzone = strtolower($cpzone);
-if (empty($cpzone)) {
- header("Location: services_captiveportal_zones.php");
- exit;
-}
-
 if (!is_array($config['captiveportal'])) {
 $config['captiveportal'] = array();
 }
 $a_cp =& $config['captiveportal'];
+/* If the zone does not exist, do not display the invalid zone */
+if (!array_key_exists($cpzone, $a_cp)) {
+ $cpzone = "";
+}
+
+if (empty($cpzone)) {
+ header("Location: services_captiveportal_zones.php");
+ exit;
+}
-$pgtitle = array(gettext("Status"), gettext("Captive Portal"), $a_cp[$cpzone]['zone'], gettext("Test Vouchers"));
+$pgtitle = array(gettext("Status"), gettext("Captive Portal"), htmlspecialchars($a_cp[$cpzone]['zone']), gettext("Test Vouchers"));
 $shortcut_section = "captiveportal-vouchers";
 include("head.inc");
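Review bot: `htmlspecialchars($a_cp[$cpzone]['zone'])` on the new `$pgtitle` line relies on the default flags, which on PHP releases before 8.1 leave single quotes unencoded, so the value is only safe if it ends up in element text or a double-quoted attribute. How `head.inc` emits `$pgtitle` is not visible in this hunk; passing the flags explicitly, `htmlspecialchars($a_cp[$cpzone]['zone'], ENT_QUOTES, 'UTF-8')`, removes that dependency, and the same applies to the five `htmlspecialchars($cpzone)` calls in the second hunk. It is also worth confirming that the title is not encoded a second time further down the rendering path, which would show literal entities in zone names. The `array_key_exists()` check is what actually constrains `$cpzone`, so its comment could say that it must stay ahead of every use of `$a_cp[$cpzone]`.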
@@ -73,11 +77,11 @@ if ($_POST) {
 }
 $tab_array = array();
-$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Test Vouchers"), true, "status_captiveportal_test.php?zone={$cpzone}");
-$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone={$cpzone}");
+$tab_array[] = array(gettext("Active Users"), false, "status_captiveportal.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Active Vouchers"), false, "status_captiveportal_vouchers.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Voucher Rolls"), false, "status_captiveportal_voucher_rolls.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Test Vouchers"), true, "status_captiveportal_test.php?zone=" . htmlspecialchars($cpzone));
+$tab_array[] = array(gettext("Expire Vouchers"), false, "status_captiveportal_expire.php?zone=" . htmlspecialchars($cpzone));
 display_top_tabs($tab_array);
 $form = new Form(false); |
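Review bot: The five tab URLs put `$cpzone` into a query-string value, and `htmlspecialchars()` is an HTML encoder, not a URL encoder: characters such as `#`, `+`, `%` or a space pass through unchanged and would alter or truncate the `zone` parameter. The value should be encoded for the URL where the link is built, e.g. `"status_captiveportal.php?zone=" . urlencode($cpzone)`, with HTML escaping applied to the finished URL where `display_top_tabs()` writes the attribute (that function is not visible here, so whether it already escapes is unconfirmed). Because the first hunk now restricts `$cpzone` to an existing key of `$a_cp`, this is hardening and link correctness rather than an open injection path on this page.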