author Erik Fonnesbeck <efonnes@gmail.com> 2010-11-21 09:32:33 -0700
committer Erik Fonnesbeck <efonnes@gmail.com> 2010-11-21 10:23:34 -0700
commit 0f806ecab4d4e6f1dae8af476d14e21003f162b2 (patch)
tree 1403ffe745aea4b782b9ca379ad3ec6b2a710396 /usr/local/www/edit.php
parent 2b8bdfe47ca88c7f71818ca3e25cd236aa41503e (diff)
Upon restoring a config, replacing whole sections, or editing config.xml in edit.php, prevent possible accidental lockout from DNS rebind and HTTP referrer checks by disabling them until reboot or the next time they pass, whichever comes sooner. Ticket #1027
Diffstat (limited to 'usr/local/www/edit.php')
-rw-r--r-- usr/local/www/edit.php 4
1 files changed, 3 insertions, 1 deletions
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index 9236c3f..3b94d69 100644
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -58,9 +58,11 @@ if($_REQUEST['action']) {
$_REQUEST['data'] = str_replace("\r", "", base64_decode($_REQUEST['data']));
$ret = file_put_contents($_REQUEST['file'], $_REQUEST['data']);
conf_mount_ro();
- if($_REQUEST['file'] == "config.xml")
+ if($_REQUEST['file'] == "/conf/config.xml" || $_REQUEST['file'] == "/cf/conf/config.xml") {
if(file_exists("/tmp/config.cache"))
unlink("/tmp/config.cache");
+ disable_security_checks();
+ }
if($ret === false) {
echo "|" . gettext("Failed to write file") . ".|";
} elseif($ret <> strlen($_REQUEST['data'])) {
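Review bot: disable_security_checks() in the new config.xml branch runs before the `$ret === false` test that follows it, so a failed or short write still turns off the DNS rebind and HTTP referrer checks until reboot or the next time they pass. Move the call behind a successful write, for example by testing `$ret !== false && $ret == strlen($_REQUEST['data'])` before entering the branch. The condition is also an exact string match on `/conf/config.xml` and `/cf/conf/config.xml`, so any other spelling of the same path (relative, doubled slash, `..` segment) writes the config without clearing /tmp/config.cache; comparing realpath() of the target would cover those cases.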