authorScott Ullrich <sullrich@pfsense.org>2008-02-12 04:40:35 +0000
committerScott Ullrich <sullrich@pfsense.org>2008-02-12 04:40:35 +0000
commitd8c1a6c53c524714ad61dbcced0040108312a260 (patch)
tree6db2c41cf27483aa10c475cc19f0ff219a679296 /usr/local/www/pkg_mgr_install.php
parent017648626c9e36526edd3a6212650f431ac16841 (diff)
Make scripts XSS input safe.
Pointed-out: by hoopercharles@gmail.com
Diffstat (limited to 'usr/local/www/pkg_mgr_install.php')
-rwxr-xr-xusr/local/www/pkg_mgr_install.php28
1 files changed, 14 insertions, 14 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index a1038a6..931e8d0 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -118,28 +118,28 @@ switch($_GET['mode']) {
case "delete":
$id = get_pkg_id($_GET['pkg']);
$todel = substr(reverse_strrchr($config['installedpackages']['package'][$id]['depends_on_package'], "."), 0, -1);
- delete_package($todel, $_GET['pkg']);
- delete_package_xml($_GET['pkg']);
+ delete_package($todel, htmlspecialchars($_GET['pkg']));
+ delete_package_xml(htmlspecialchars($_GET['pkg']));
update_status("Package deleted.");
$static_output .= "\nPackage deleted.";
update_output_window($static_output);
break;
case "reinstallpkg":
- $id = get_pkg_id($_GET['pkg']);
+ $id = get_pkg_id(htmlspecialchars($_GET['pkg']));
$todel = substr(reverse_strrchr($config['installedpackages']['package'][$id]['depends_on_package'], "."), 0, -1);
- delete_package($todel, $_GET['pkg']);
- delete_package_xml($_GET['pkg']);
- install_package($_GET['pkg']);
+ delete_package($todel, htmlspecialchars($_GET['pkg']));
+ delete_package_xml(htmlspecialchars($_GET['pkg']));
+ install_package(htmlspecialchars($_GET['pkg']));
update_status("Package reinstalled.");
$static_output .= "\n\nPackage reinstalled.";
- start_service($_GET['pkg']);
+ start_service(htmlspecialchars($_GET['pkg']));
update_output_window($static_output);
break;
case "reinstallxml":
- delete_package_xml($_GET['pkg']);
- install_package($_GET['pkg']);
+ delete_package_xml(htmlspecialchars($_GET['pkg']));
+ install_package(htmlspecialchars($_GET['pkg']));
$static_output .= "\n\nPackage reinstalled.";
- start_service($_GET['pkg']);
+ start_service(htmlspecialchars($_GET['pkg']));
update_output_window($static_output);
break;
case "reinstallall":
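Review bot: In the `delete` case, `get_pkg_id($_GET['pkg'])` still receives the raw value while `delete_package()` and `delete_package_xml()` now receive the HTML-encoded one, so for a name containing `&`, `<`, `>` or `"` the id lookup and the deletion operate on different strings. More generally, `htmlspecialchars()` is an HTML output encoder; wrapping the arguments of `install_package()`, `delete_package()` and `start_service()` in it does not restrict what those functions accept, and how they use the name is not visible in this hunk. I would read the parameter once, e.g. `$pkg = $_GET['pkg'];`, reject the request unless it names a package known to the configuration, pass that validated value to every call, and keep `htmlspecialchars()` for the places where the name is written into the page. The enclosing `switch` starts and ends outside the hunk.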
@@ -157,16 +157,16 @@ switch($_GET['mode']) {
}
update_status("All packages reinstalled.");
$static_output .= "\n\nAll packages reinstalled.";
- start_service($_GET['pkg']);
+ start_service(htmlspecialchars($_GET['pkg']));
update_output_window($static_output);
break;
default:
- $status = install_package($_GET['id']);
+ $status = install_package(htmlspecialchars($_GET['id']));
if($status == -1) {
- update_status("Installation of {$_GET['id']} FAILED!");
+ update_status("Installation of " . htmlspecialchars($_GET['id']) . " FAILED!");
$static_output .= "\n\nInstallation halted.";
} else {
- update_status("Installation of {$_GET['id']} completed.");
+ update_status("Installation of " . htmlspecialchars($_GET['id']) . " completed.");
$static_output .= "\n\nInstallation completed. Please check to make sure that the package is configured from the respective menu then start the package.";
}
update_output_window($static_output);
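Review bot: The two `update_status()` calls in the `default` branch are the right place to escape, but `htmlspecialchars()` is called with its default flags, which on PHP versions before 8.1 leave single quotes unencoded. If `update_status()` places the text inside a script string or a single-quoted attribute (its body is not shown here), a quote in `id` would pass through unchanged. Consider `htmlspecialchars($_GET['id'], ENT_QUOTES)`, computed once into a local and reused in both messages. `install_package()` should receive the validated package identifier rather than the HTML-encoded one, since an encoded name no longer matches the real one when it contains special characters. The `switch` continues outside the hunk.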