Make sure entered # is a integer and use htmlspecialchars()

author: Scott Ullrich <sullrich@pfsense.org> 2009-08-20 21:45:39 -0400
committer: Scott Ullrich <sullrich@pfsense.org> 2009-08-20 21:45:39 -0400
commit: 990a271cb6baf3a4435fa6d2c43973fb28aa2302 (patch)
tree: f7c9ce794d16ff38d2fc0ce8501719f6084feea8 /usr/local/www/services_dhcp.php
parent: 2a778c444d279be60caf7df696e0f07acdbdd309 (diff)
download: pfsense-990a271cb6baf3a4435fa6d2c43973fb28aa2302.zip
pfsense-990a271cb6baf3a4435fa6d2c43973fb28aa2302.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index d21fc3a..1e94ced 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -299,9 +299,11 @@ if ($_POST) {
 		$numbervalue = array();
 		unset($config['dhcpd'][$if]['numberoptions']['item']);
 		for($x=0; $x<isset($_POST["number{$x}"]); $x++) {
-			$numbervalue['number'] = $_POST["number{$x}"];
-			$numbervalue['value'] = $_POST["value{$x}"];
-			$config['dhcpd'][$if]['numberoptions']['item'][] = $numbervalue;			
+			if(is_int($_POST["number{$x}"])) {
+				$numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]);
+				$numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]);
+				$config['dhcpd'][$if]['numberoptions']['item'][] = $numbervalue;
+			}
 		}
 		$pconfig['numberoptions'] = $config['dhcpd'][$if]['numberoptions'];
author	Scott Ullrich <sullrich@pfsense.org>	2009-08-20 21:45:39 -0400
committer	Scott Ullrich <sullrich@pfsense.org>	2009-08-20 21:45:39 -0400
commit	990a271cb6baf3a4435fa6d2c43973fb28aa2302 (patch)
tree	f7c9ce794d16ff38d2fc0ce8501719f6084feea8 /usr/local/www/services_dhcp.php
parent	2a778c444d279be60caf7df696e0f07acdbdd309 (diff)
download	pfsense-990a271cb6baf3a4435fa6d2c43973fb28aa2302.zip pfsense-990a271cb6baf3a4435fa6d2c43973fb28aa2302.tar.gz