diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:48:15 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:48:15 -0300 |
| commit | 2f9951fe0e401ed231d61b8c3ad75531a6dbb797 (patch) | |
| tree | 35636bfeca764404c8331acd9b543d873ab85023 /usr/local/www/status_services.php | |
| parent | 1c52509cabc014ca55e07548338b3990bfc2ace9 (diff) | |
| download | pfsense-2f9951fe0e401ed231d61b8c3ad75531a6dbb797.zip pfsense-2f9951fe0e401ed231d61b8c3ad75531a6dbb797.tar.gz | |
Add some protection to parameters that come through _GET
Diffstat (limited to 'usr/local/www/status_services.php')
| -rwxr-xr-x | usr/local/www/status_services.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php index 48f9db4..c08f773 100755 --- a/usr/local/www/status_services.php +++ b/usr/local/www/status_services.php @@ -41,16 +41,20 @@ require_once("guiconfig.inc"); require_once("service-utils.inc"); require_once("shortcuts.inc"); -if (!empty($_GET['service'])) { +$service_name = ''; +if (isset($_GET['service'])) + $service_name = htmlspecialchars($_GET['service']); + +if (!empty($service_name)) { switch ($_GET['mode']) { case "restartservice": - $savemsg = service_control_restart($_GET['service'], $_GET); + $savemsg = service_control_restart($service_name, $_GET); break; case "startservice": - $savemsg = service_control_start($_GET['service'], $_GET); + $savemsg = service_control_start($service_name, $_GET); break; case "stopservice": - $savemsg = service_control_stop($_GET['service'], $_GET); + $savemsg = service_control_stop($service_name, $_GET); break; } sleep(5); |
