author | jim-p <jimp@netgate.com> | 2019-01-29 12:04:47 -0500 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2019-01-29 14:23:05 -0500 |
commit | 7e9de4b150930ba66e6385def17e42ba2c0565b3 (patch) | |
tree | 18b157cd0804312bb6d43eee1e417212b52da7b4 /src/usr/local/www | |
parent | ca0234c39abc2375bf9be5d2e236dea40a716182 (diff) | |
Input validation and encoding of IGMP proxy addresses. Issue #9294
(cherry picked from commit 261916e5d3f833a58d5cef1afdadc7495ec2c74b)
Diffstat (limited to 'src/usr/local/www')
-rw-r--r-- | src/usr/local/www/services_igmpproxy.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/services_igmpproxy_edit.php | 11 |
2 files changed, 9 insertions, 4 deletions
diff --git a/src/usr/local/www/services_igmpproxy.php b/src/usr/local/www/services_igmpproxy.php index 0271436..cd73c9c 100644 --- a/src/usr/local/www/services_igmpproxy.php +++ b/src/usr/local/www/services_igmpproxy.php @@ -135,7 +135,7 @@ foreach ($a_igmpproxy as $igmpentry): <td> <?php $addresses = implode(", ", array_slice(explode(" ", $igmpentry['address']), 0, 10)); - print($addresses); + print(htmlspecialchars($addresses)); if (!is_array($igmpentry['address']) || count($igmpentry['address']) < 10) { print(' '); diff --git a/src/usr/local/www/services_igmpproxy_edit.php b/src/usr/local/www/services_igmpproxy_edit.php index 943c0b1..251de01 100644 --- a/src/usr/local/www/services_igmpproxy_edit.php +++ b/src/usr/local/www/services_igmpproxy_edit.php @@ -83,9 +83,14 @@ if ($_POST['save']) { $address .= " "; } - $address .= $_POST["address{$x}"]; - $address .= "/" . $_POST["address_subnet{$x}"]; - $isfirst++; + $this_addr = $_POST["address{$x}"] . "/" . $_POST["address_subnet{$x}"]; + if (is_subnet($this_addr)) { + $address .= $this_addr; + $isfirst++; + } else { + $input_errors[] = sprintf(gettext("The following submitted address is invalid: %s"), $this_addr); + } + $x++; } |
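Review bot: The truncation check in the context lines right after the escaped `print()` tests `is_array($igmpentry['address'])`, but the line above passes that same value to `explode(" ", ...)`, so it is handled as a space-separated string and `!is_array(...)` looks to be always true. If so, a list longer than ten networks is cut by `array_slice()` with no indication, whatever the other branch outside the hunk prints. Splitting once and counting the result would fix it: `$addr_list = explode(" ", $igmpentry['address']);` followed by `if (count($addr_list) < 10) {`. The escaping itself sits at the output sink, which is the right place because it also covers entries saved before the edit page validated them. The `if` block continues past the end of the hunk.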
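Review bot: `is_subnet()` is not specific to an address family (as far as I recall it also accepts IPv6 prefixes), while IGMP is IPv4-only, so the new check would be tighter as `if (is_subnetv4($this_addr)) {`. The rejected value is also copied verbatim into `$input_errors[]`, which is only safe if the code that renders input errors HTML-encodes each message. That code is not visible here and should be confirmed. Separately, the `$address .= " ";` in the context lines runs before the validation, so a rejected entry still leaves its separator in `$address`. The enclosing loop starts and ends outside the hunk.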