diff options
| author | Ermal <eri@pfsense.org> | 2014-02-18 11:55:03 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-02-18 13:18:33 +0000 |
| commit | 6766e4771ef6582212044ab8938f4757776618a4 (patch) | |
| tree | 0d45f555cf5b2120939b588663f6961ea3dfa119 /usr/local/www/pkg_mgr_install.php | |
| parent | 9e875e0c00b4707e0b13473af431c842f2d42974 (diff) | |
| download | pfsense-6766e4771ef6582212044ab8938f4757776618a4.zip pfsense-6766e4771ef6582212044ab8938f4757776618a4.tar.gz | |
Fixes #3461. Remove any special char that can lead to shell/XSS compromises from submitted input.
Diffstat (limited to 'usr/local/www/pkg_mgr_install.php')
| -rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 7959b0a..289505c 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -114,6 +114,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth"); ob_flush(); +$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg'])); switch($_GET['mode']) { case "showlog": case "installedinfo": @@ -131,22 +132,22 @@ switch($_GET['mode']) { switch($_GET['mode']) { case "delete": - uninstall_package($_GET['pkg']); + uninstall_package($pkgname); update_status(gettext("Package deleted.")); $static_output .= "\n" . gettext("Package deleted."); update_output_window($static_output); filter_configure(); break; case "showlog": - $id = htmlspecialchars($_GET['pkg']); + $id = htmlspecialchars($pkgname); if(strpos($id, ".")) exit; update_output_window(file_get_contents("/tmp/pkg_mgr_{$id}.log")); break; case "reinstallxml": case "reinstallpkg": - delete_package_xml(htmlspecialchars($_GET['pkg'])); - if (install_package(htmlspecialchars($_GET['pkg'])) < 0) { + delete_package_xml($pkgname); + if (install_package($pkgname) < 0) { update_status(gettext("Package reinstallation failed.")); $static_output .= "\n" . gettext("Package reinstallation failed."); update_output_window($static_output); @@ -156,17 +157,17 @@ switch($_GET['mode']) { update_output_window($static_output); filter_configure(); } - file_put_contents("/tmp/{$_GET['pkg']}.info", $static_output); - echo "<script type='text/javascript'>document.location=\"pkg_mgr_install.php?mode=installedinfo&pkg={$_GET['pkg']}\";</script>"; + file_put_contents("/tmp/{$pkgname}.info", $static_output); + echo "<script type='text/javascript'>document.location=\"pkg_mgr_install.php?mode=installedinfo&pkg={$pkgname}\";</script>"; break; case "installedinfo": - if(file_exists("/tmp/{$_GET['pkg']}.info")) { - $filename = escapeshellcmd("/tmp/" . $_GET['pkg'] . ".info"); + if(file_exists("/tmp/{$pkgname}.info")) { + $filename = escapeshellcmd("/tmp/{$pkgname}.info"); $status = file_get_contents($filename); - update_status($_GET['pkg'] . " " . gettext("installation completed.")); + update_status("{$pkgname} " . gettext("installation completed.")); update_output_window($status); } else - update_output_window(sprintf(gettext("Could not find %s."), htmlspecialchars($_GET['pkg']))); + update_output_window(sprintf(gettext("Could not find %s."), $pkgname)); break; case "reinstallall": if (is_array($config['installedpackages']['package'])) { |
