authorBill Marquette <billm@pfsense.org>2008-05-17 18:16:11 +0000
committerBill Marquette <billm@pfsense.org>2008-05-17 18:16:11 +0000
commite8d93059c13e9166734bbf7c8fdb279c4deddd2a (patch)
tree0f34daa69a592cba4f7c6f6863477ce2c24c9efa /usr/local/www/diag_dump_states.php
parent458585c1066117d9658ce93b9bb7062d8d306540 (diff)
Ticket #1674
No need to use escapeshellarg for everything; use is_ipaddr to validate input instead. While here, move head.inc below the AJAX calls - no need to send back more data than necessary.
Diffstat (limited to 'usr/local/www/diag_dump_states.php')
-rwxr-xr-xusr/local/www/diag_dump_states.php23
1 files changed, 13 insertions, 10 deletions
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index 5ee7d13..2b3035f 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -28,31 +28,34 @@
require_once("guiconfig.inc");
-$pgtitle = array("Diagnostics","Show States");
-include("head.inc");
-
-$srcip = escapeshellarg($_GET['srcip']);
-$dstip = escapeshellarg($_GET['dstip']);
-$action = escapeshellarg($_GET['action']);
-$filter = escapeshellarg($_GET['filter']);
/* handle AJAX operations */
if($_GET['action']) {
- if($action == "remove") {
- $retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
- echo "|{$srcip}|{$dstip}|{$retval}|";
+ if($_GET['action'] == "remove") {
+ $srcip = $_GET['srcip'];
+ $dstip = $_GET['dstip'];
+ if (is_ipaddr($srcip) and is_ipaddr($dstip)) {
+ $retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
+ echo "|{$srcip}|{$dstip}|{$retval}|";
+ } else {
+ echo "invalid input";
+ }
exit;
}
}
/* get our states */
if($_GET['filter']) {
+ $filter = escapeshellarg($_GET['filter']);
exec("/sbin/pfctl -s state | grep " . escapeshellarg($_GET['filter']), $states);
}
else {
exec("/sbin/pfctl -s state", $states);
}
+$pgtitle = array("Diagnostics","Show States");
+include("head.inc");
+
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
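Review bot: In the filter branch the new `$filter = escapeshellarg($_GET['filter']);` is never used by the `exec()` on the next line, and the pattern reaches grep without `-e`, so a value starting with `-` is still parsed as a grep option even though it is shell-quoted. I would write `exec("/sbin/pfctl -s state | grep -e " . $filter, $states);` and, if `$filter` is printed later in the page (not visible here), escape that copy with `htmlspecialchars()` rather than reusing the shell-quoted one. In the remove branch the hand-quoted `'{$srcip}'` is safe only as long as `is_ipaddr()`, which is defined outside this diff, rejects every string containing a quote; `mwexec("/sbin/pfctl -k " . escapeshellarg($srcip) . " -k " . escapeshellarg($dstip));` keeps the validation and removes that dependency. The remove action also changes firewall state on a plain GET with no request token visible in this hunk, so it is worth confirming that `guiconfig.inc` or the caller handles this.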