author | jim-p <jimp@pfsense.org> | 2017-06-16 15:10:54 -0400 |
committer | jim-p <jimp@pfsense.org> | 2017-06-16 15:24:38 -0400 |
commit | e90eaf31f079dc29187d1c08cfe88ceabc0786f4 (patch) | |
tree | de4bcc6ce7ba7768be169458f701449b5c659ad6 /src | |
parent | 9c8540ca53f8258a44aaf13100d575b30ae77e65 (diff) | |
Fix handling of the 'type' parameter so it is validated and encoded on diag_table.php. Fixes #7652
Diffstat (limited to 'src')
-rw-r--r-- | src/usr/local/www/diag_tables.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/usr/local/www/diag_tables.php b/src/usr/local/www/diag_tables.php
index c1d049d..c192880 100644
--- a/src/usr/local/www/diag_tables.php
+++ b/src/usr/local/www/diag_tables.php
@@ -31,11 +31,17 @@ $shortcut_section = "aliases";
 require_once("guiconfig.inc");
+exec("/sbin/pfctl -sT", $tables);
+
 // Set default table
 $tablename = "sshlockout";
-if ($_REQUEST['type']) {
+if ($_REQUEST['type'] && in_array($_REQUEST['type'], $tables)) {
 	$tablename = $_REQUEST['type'];
+} else {
+	/* Invalid 'type' passed, do not take any actions that use the 'type' field. */
+	unset($_REQUEST['type']);
+	$_REQUEST['delete'];
 }
 // Gather selected alias metadata.
@@ -112,7 +118,6 @@ if ($_POST['Download'] && ($bogons || $urltable)) {
 }
 exec("/sbin/pfctl -t " . escapeshellarg($tablename) . " -T show", $entries);
-exec("/sbin/pfctl -sT", $tables);
 include("head.inc");
@@ -229,7 +234,7 @@ events.push(function() {
 	{
 	type: 'post',
 	data: {
-	type: '<?=htmlspecialchars($tablename)?>',
+	type: '<?=htmlspecialchars(addslashes($tablename))?>',
 	delete: $(this).data('entry')
 	},
 	success: function() {
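Review bot: `$_REQUEST['delete'];` in the new else branch of the first hunk is a bare expression statement with no effect, so the request's `delete` parameter survives when `type` fails validation, contrary to the comment directly above it; `unset($_REQUEST['delete']);` looks like what was intended. The `in_array()` check also uses loose comparison; since `$tables` is a list of strings captured from `pfctl -sT`, `in_array($_REQUEST['type'], $tables, true)` avoids numeric-string coercion surprises. Reading `$_REQUEST['type']` directly in the condition raises an undefined-index notice when the parameter is absent, which `!empty($_REQUEST['type'])` would avoid. Whether the lines captured from `pfctl -sT` carry leading whitespace that would defeat an exact match cannot be seen here and is worth confirming.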
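Review bot: In the third hunk, `addslashes()` is not a JavaScript string escaper and `htmlspecialchars()` is an HTML-context escaper, yet the value is emitted inside a single-quoted JS string literal in a script block, where HTML entities are not decoded — a table name containing `&` would be posted back as `&amp;`, and neither function neutralises a `</script>` sequence. Because `$tablename` is now restricted to names listed by `pfctl -sT` the practical exposure is small, but the idiomatic encoding for this context is `type: <?=json_encode($tablename, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)?>,`, which yields a quoted literal that is safe in both the JS and the surrounding HTML. The enclosing `events.push(function() {` block begins and ends outside the hunk.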