author | Renato Botelho <renato@netgate.com> | 2016-09-20 07:16:31 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-09-20 07:16:40 -0300 |
commit | 353729379264fdbdf0ba209634647ce645ffc89d (patch) | |
tree | 9c015f299609b18288ee903639fce879c194fe01 /src/usr/local | |
parent | 8117e7fb126285060d6c2dcab4eff84a204b6d1b (diff) | |
download | pfsense-353729379264fdbdf0ba209634647ce645ffc89d.zip pfsense-353729379264fdbdf0ba209634647ce645ffc89d.tar.gz |
Sanitize 'zone' parameter on CP pages
Diffstat (limited to 'src/usr/local')
11 files changed, 11 insertions, 11 deletions
diff --git a/src/usr/local/www/services_captiveportal_filemanager.php b/src/usr/local/www/services_captiveportal_filemanager.php
index 82acfdb..1f4e93e 100644
--- a/src/usr/local/www/services_captiveportal_filemanager.php
+++ b/src/usr/local/www/services_captiveportal_filemanager.php
@@ -52,7 +52,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if (empty($cpzone)) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php
index a4e46b0..6c2af91 100644
--- a/src/usr/local/www/services_captiveportal_hostname.php
+++ b/src/usr/local/www/services_captiveportal_hostname.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_hostname_edit.php b/src/usr/local/www/services_captiveportal_hostname_edit.php
index 6d8102d..cabc214 100644
--- a/src/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/src/usr/local/www/services_captiveportal_hostname_edit.php
@@ -47,7 +47,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 $cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];
diff --git a/src/usr/local/www/services_captiveportal_ip.php b/src/usr/local/www/services_captiveportal_ip.php
index b09cc94..9487ba5 100644
--- a/src/usr/local/www/services_captiveportal_ip.php
+++ b/src/usr/local/www/services_captiveportal_ip.php
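Review bot: In the filemanager hunk, `htmlspecialchars()` on the added line HTML-encodes `$cpzone` but does not restrict it to a configured zone, and the only guard that follows is `if (empty($cpzone))`, so an arbitrary non-empty value still reaches the `$config['captiveportal'][$cpzone]` lookups on this page. The sibling pages in this commit reject unknown zones with `empty($config['captiveportal'][$cpzone])`; the same boundary check here, `if (empty($cpzone) || !isset($config['captiveportal'][$cpzone])) {`, would validate the input and leave `htmlspecialchars()` for the point where `$cpzone` is echoed. Encoding before the lookup also means a zone key containing `&`, `<`, `>`, `"` or `'` no longer matches its config entry; whether creation-time validation already excludes such names is not visible here. The same encode-then-lookup pattern appears in the hostname, hostname_edit, ip, ip_edit, mac, mac_edit, vouchers and vouchers_edit hunks. The code after the `header()` call continues outside the hunk.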
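Review bot: In the hostname_edit hunk the newly assigned `$cpzone` is used immediately on `$cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];` with no existence check, unlike the hostname, ip, ip_edit, mac, mac_edit and vouchers_edit hunks, which redirect when `empty($config['captiveportal'][$cpzone])`; an unknown zone here yields a null `$cpzoneid` plus an undefined-index notice instead of a redirect. Inserting the same guard before that line, `if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; }`, would make the pages consistent. The vouchers hunk likewise shows no such guard within its visible lines, though one may exist further down that file. The surrounding code continues outside the hunk.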
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_ip_edit.php b/src/usr/local/www/services_captiveportal_ip_edit.php
index c014e86..daed6da 100644
--- a/src/usr/local/www/services_captiveportal_ip_edit.php
+++ b/src/usr/local/www/services_captiveportal_ip_edit.php
@@ -51,7 +51,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php
index 0c7b058..193cffb 100644
--- a/src/usr/local/www/services_captiveportal_mac.php
+++ b/src/usr/local/www/services_captiveportal_mac.php
@@ -44,7 +44,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_mac_edit.php b/src/usr/local/www/services_captiveportal_mac_edit.php
index 0fba378..270daf3 100644
--- a/src/usr/local/www/services_captiveportal_mac_edit.php
+++ b/src/usr/local/www/services_captiveportal_mac_edit.php
@@ -54,7 +54,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php
index 5bb2b3d..4ce7982 100644
--- a/src/usr/local/www/services_captiveportal_vouchers.php
+++ b/src/usr/local/www/services_captiveportal_vouchers.php
@@ -43,7 +43,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if ($_REQUEST['generatekey']) {
 exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private");
diff --git a/src/usr/local/www/services_captiveportal_vouchers_edit.php b/src/usr/local/www/services_captiveportal_vouchers_edit.php
index c7eebc8..3912e74 100644
--- a/src/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/src/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -38,7 +38,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
diff --git a/src/usr/local/www/services_captiveportal_zones.php b/src/usr/local/www/services_captiveportal_zones.php
index 8014ca8..2a9fc67 100644
--- a/src/usr/local/www/services_captiveportal_zones.php
+++ b/src/usr/local/www/services_captiveportal_zones.php
@@ -41,7 +41,7 @@ if (!is_array($config['captiveportal'])) {
 $a_cp = &$config['captiveportal'];
 if ($_GET['act'] == "del" && !empty($_GET['zone'])) {
- $cpzone = htmlspecialchars($_GET['zone']);
+ $cpzone = strtolower(htmlspecialchars($_GET['zone']));
 if ($a_cp[$cpzone]) {
 $cpzoneid = $a_cp[$cpzone]['zoneid'];
 unset($a_cp[$cpzone]['enable']);
diff --git a/src/usr/local/www/services_captiveportal_zones_edit.php b/src/usr/local/www/services_captiveportal_zones_edit.php
index 4ad1013..824143c 100644
--- a/src/usr/local/www/services_captiveportal_zones_edit.php
+++ b/src/usr/local/www/services_captiveportal_zones_edit.php
@@ -62,7 +62,7 @@ if ($_POST) {
 }
 if (!$input_errors) {
- $cpzone = strtolower($_POST['zone']);
+ $cpzone = strtolower(htmlspecialchars($_POST['zone']);
 $a_cp[$cpzone] = array();
 $a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']);
 $a_cp[$cpzone]['descr'] = $_POST['descr']; |
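Review bot: The added line in the zones_edit hunk, `$cpzone = strtolower(htmlspecialchars($_POST['zone']);`, is missing a closing parenthesis and will not parse, so that page is broken as committed; it should read `$cpzone = strtolower(htmlspecialchars($_POST['zone']));`. Separately, the encoded, lowercased value becomes the config key while `$a_cp[$cpzone]['zone']` stores the raw `str_replace(" ", "", $_POST['zone'])`, so a name containing characters that `htmlspecialchars()` rewrites would be keyed differently from how it is stored and displayed; if the validation earlier in this file restricts zone names to characters the encoder leaves alone the two stay in sync, otherwise the same normalization should be applied to both. The `if (!$input_errors)` block continues past the end of the hunk.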