diff options
author | jim-p <jimp@pfsense.org> | 2012-10-04 08:55:56 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-04 08:55:56 -0400 |
commit | fa9f5ff99f1a09e7a944bd6eeaf64a50c86c9726 (patch) | |
tree | f5b57b5a4d3df09e5ffac3dcd85c32a9b0e68fa6 /usr/local/www | |
parent | d729dbeb30cfa231df0873b5a08b546f54c5b7dc (diff) | |
download | pfsense-fa9f5ff99f1a09e7a944bd6eeaf64a50c86c9726.zip pfsense-fa9f5ff99f1a09e7a944bd6eeaf64a50c86c9726.tar.gz |
Verify posted kernel type against a defined list of good values.
Discovered-By: Yann CAM
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/system_firmware.php | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php index 9e876c9..b4cb0d4 100755 --- a/usr/local/www/system_firmware.php +++ b/usr/local/www/system_firmware.php @@ -50,6 +50,13 @@ require_once("guiconfig.inc"); $curcfg = $config['system']['firmware']; +$kerneltypes = array( + 'SMP' => gettext("Multiprocessor kernel"), + 'single' => gettext("Uniprocessor kernel"), + 'wrap' => gettext("Embedded kernel"), + 'Developers' => gettext("Developers kernel") +); + require_once("xmlrpc_client.inc"); /* Allow additional execution time 0 = no limit. */ @@ -111,7 +118,7 @@ if(is_subsystem_dirty('firmwarelock')) { exit; } -if($_POST['kerneltype']) { +if($_POST['kerneltype'] && in_array($_POST['kerneltype'], array_keys($kerneltypes))) { if($_POST['kerneltype'] == "single") system("touch /boot/kernel/pfsense_kernel.txt"); else @@ -275,10 +282,9 @@ if(stristr($_FILES['ulfile']['name'],"nanobsd")) if($g['platform'] == "pfSense") { echo gettext("Please select kernel type") , ": "; echo "<select name='kerneltype'>"; - echo "<option value='SMP'>" . gettext("Multiprocessor kernel") . "</option>"; - echo "<option value='single'>". gettext("Uniprocessor kernel") . "</option>"; - echo "<option value='wrap'>" . gettext("Embedded kernel") . "</option>"; - echo "<option value='Developers'>" . gettext("Developers kernel") . "</option>"; + foreach($kerneltypes as $kerntype => $kerndescr) { + echo "<option value='{$kerntype}'>{$kerndescr}</option>"; + } echo "</select>"; echo "<br><br>"; } |