summaryrefslogtreecommitdiffstats
path: root/usr/local/www/system_firmware.php
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2012-10-04 08:55:16 -0400
committerjim-p <jimp@pfsense.org>2012-10-04 08:55:16 -0400
commit73b9d3c60a337ab0fe979958990a717288844ddd (patch)
tree495e0542c574196f7cfb1f8de7ad24b643ea9971 /usr/local/www/system_firmware.php
parent7b27db030c373778a727195e77928e7301b4c6d6 (diff)
downloadpfsense-73b9d3c60a337ab0fe979958990a717288844ddd.zip
pfsense-73b9d3c60a337ab0fe979958990a717288844ddd.tar.gz
Verify posted kernel type against a defined list of good values.
Discovered-By: Yann CAM
Diffstat (limited to 'usr/local/www/system_firmware.php')
-rwxr-xr-xusr/local/www/system_firmware.php16
1 files changed, 11 insertions, 5 deletions
diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php
index ea3d446..fff77cd 100755
--- a/usr/local/www/system_firmware.php
+++ b/usr/local/www/system_firmware.php
@@ -51,6 +51,13 @@ require_once("guiconfig.inc");
$curcfg = $config['system']['firmware'];
+$kerneltypes = array(
+ 'SMP' => gettext("Multiprocessor kernel"),
+ 'single' => gettext("Uniprocessor kernel"),
+ 'wrap' => gettext("Embedded kernel"),
+ 'Developers' => gettext("Developers kernel")
+);
+
require_once("xmlrpc_client.inc");
/* Allow additional execution time 0 = no limit. */
@@ -115,7 +122,7 @@ if(is_subsystem_dirty('firmwarelock')) {
if($_POST['backupbeforeupgrade'])
touch("/tmp/perform_full_backup.txt");
-if($_POST['kerneltype']) {
+if($_POST['kerneltype'] && in_array($_POST['kerneltype'], array_keys($kerneltypes))) {
if($_POST['kerneltype'] == "single")
system("touch /boot/kernel/pfsense_kernel.txt");
else
@@ -281,10 +288,9 @@ if(stristr($_FILES['ulfile']['name'],"nanobsd"))
if($g['platform'] == "pfSense") {
echo gettext("Please select kernel type") , ": ";
echo "<select name='kerneltype'>";
- echo "<option value='SMP'>" . gettext("Multiprocessor kernel") . "</option>";
- echo "<option value='single'>". gettext("Uniprocessor kernel") . "</option>";
- echo "<option value='wrap'>" . gettext("Embedded kernel") . "</option>";
- echo "<option value='Developers'>" . gettext("Developers kernel") . "</option>";
+ foreach($kerneltypes as $kerntype => $kerndescr) {
+ echo "<option value='{$kerntype}'>{$kerndescr}</option>";
+ }
echo "</select>";
echo "<br>";
}
OpenPOWER on IntegriCloud