author | jim-p <jimp@pfsense.org> | 2015-11-23 12:42:34 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-11-23 12:43:27 -0500 |
commit | d8af270ccb73bfa96fd920ebc395d7776bbf17e2 (patch) | |
tree | bfbab1cb8f9f7eaa9d33c8ce0d397d2208b2f7fb /src | |
parent | 3478ac161e8eb18e92c04f2bc8af4921d0a521a6 (diff) | |
download | pfsense-d8af270ccb73bfa96fd920ebc395d7776bbf17e2.zip pfsense-d8af270ccb73bfa96fd920ebc395d7776bbf17e2.tar.gz |
Address some security issues in diag_logs.php. While I'm here, fixup page names and shortcuts.
Diffstat (limited to 'src')
-rwxr-xr-x | src/usr/local/www/diag_logs.php | 50 |
1 files changed, 46 insertions, 4 deletions
diff --git a/src/usr/local/www/diag_logs.php b/src/usr/local/www/diag_logs.php
index 660c5b6..f4e0d10 100755
--- a/src/usr/local/www/diag_logs.php
+++ b/src/usr/local/www/diag_logs.php
@@ -69,13 +69,49 @@ require("guiconfig.inc");
+/*
+Build a list of allowed log files so we can reject others to prevent the page
+from acting on unauthorized files.
+*/
+$allowed_logs = array(
+ "system" => array("name" => "General",
+ "shortcut" => ""),
+ "dhcpd" => array("name" => "DHCP",
+ "shortcut" => "dhcp"),
+ "portalauth" => array("name" => "Captive Portal Authentication",
+ "shortcut" => "captiveportal"),
+ "ipsec" => array("name" => "IPsec",
+ "shortcut" => "ipsec"),
+ "ppp" => array("name" => "PPP",
+ "shortcut" => ""),
+ "relayd" => array("name" => "Load Balancer",
+ "shortcut" => "relayd"),
+ "openvpn" => array("name" => "OpenVPN",
+ "shortcut" => "openvpn"),
+ "ntpd" => array("name" => "NTPd",
+ "shortcut" => "ntp"),
+ "gateways" => array("name" => "Gateways",
+ "shortcut" => "gateways"),
+ "routing" => array("name" => "Routing",
+ "shortcut" => "routing"),
+ "resolver" => array("name" => "DNS Resolver",
+ "shortcut" => "resolver"),
+ "wireless" => array("name" => "Wireless",
+ "shortcut" => "wireless"),
+);
 // The logs to display are specified in a GET argument. Default to 'system' logs
-if (!$_GET['logfile'])
+if (!$_GET['logfile']) {
 $logfile = 'system';
-else
+} else {
 $logfile = $_GET['logfile'];
+ if (!array_key_exists($logfile, $allowed_logs)) {
+ /* Do not let someone attempt to load an unauthorized log. */
+ $logfile = 'system';
+ }
+}
-$system_logfile = "{$g['varlog_path']}/{$logfile}.log";
+$system_logfile = "{$g['varlog_path']}/" . basename($logfile) . ".log";
 $nentries = $config['syslog']['nentries'];
 if (!$nentries) {
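Review bot: The allow-list check in the new `else` branch still takes `$_GET['logfile']` without a type check; a request carrying `logfile[]=x` passes `!$_GET['logfile']` (a non-empty array is truthy) and reaches `array_key_exists()` with an array as the key, which on PHP 5 warns and returns null and on PHP 8 throws a `TypeError`, so the fallback to `'system'` happens by accident rather than by design. The rewritten `if (!$_GET['logfile'])` line also raises an undefined-index notice when the parameter is absent and treats a literal `'0'` as missing. Since that line is already being touched to add braces, a single guarded assignment covers all of this: `$logfile = (isset($_GET['logfile']) && is_string($_GET['logfile']) && array_key_exists($_GET['logfile'], $allowed_logs)) ? $_GET['logfile'] : 'system';`. With the allow-list in place the `basename()` call on the `$system_logfile` line is redundant but harmless as defence in depth; a comment such as `/* basename() is belt-and-braces: $logfile was already validated against $allowed_logs */` would record why both remain.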
@@ -98,7 +134,13 @@ if ($filtertext) {
 $filtertextmeta="?filtertext=$filtertext";
 }
-$pgtitle = array(gettext("Status"), gettext("System logs"), gettext("General"));
+/* Setup shortcuts if they exist */
+
+if (!empty($allowed_logs[$logfile]["shortcut"])) {
+ $shortcut_section = $allowed_logs[$logfile]["shortcut"];
+}
+
+$pgtitle = array(gettext("Status"), gettext("System logs"), gettext($allowed_logs[$logfile]["name"]));
 include("head.inc");
 $tab_array = array(); |
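Review bot: `gettext($allowed_logs[$logfile]["name"])` on the new `$pgtitle` line translates a value that only ever exists as a bare string literal in the `$allowed_logs` table, so a string-extraction pass that looks for `gettext("...")` calls will not collect "General", "DHCP", "Captive Portal Authentication" and the rest, and the runtime lookup will quietly return the untranslated English. Wrapping each name where the table is built (`"name" => gettext("General")`) and using `$allowed_logs[$logfile]["name"]` directly in `$pgtitle` fixes both halves. `$shortcut_section` is assigned only when the entry has a non-empty shortcut and is otherwise left undefined, which presumably relies on `head.inc` testing it with `isset()`; that expectation is worth stating, e.g. `/* Set $shortcut_section only when a shortcut exists; head.inc is expected to isset()-check it */`.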