summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2012-10-04 08:55:56 -0400
committerjim-p <jimp@pfsense.org>2012-10-04 08:55:56 -0400
commitfa9f5ff99f1a09e7a944bd6eeaf64a50c86c9726 (patch)
treef5b57b5a4d3df09e5ffac3dcd85c32a9b0e68fa6 /usr/local/www
parentd729dbeb30cfa231df0873b5a08b546f54c5b7dc (diff)
downloadpfsense-fa9f5ff99f1a09e7a944bd6eeaf64a50c86c9726.zip
pfsense-fa9f5ff99f1a09e7a944bd6eeaf64a50c86c9726.tar.gz
Verify posted kernel type against a defined list of good values.
Discovered-By: Yann CAM
Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/system_firmware.php16
1 files changed, 11 insertions, 5 deletions
diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php
index 9e876c9..b4cb0d4 100755
--- a/usr/local/www/system_firmware.php
+++ b/usr/local/www/system_firmware.php
@@ -50,6 +50,13 @@ require_once("guiconfig.inc");
$curcfg = $config['system']['firmware'];
+$kerneltypes = array(
+ 'SMP' => gettext("Multiprocessor kernel"),
+ 'single' => gettext("Uniprocessor kernel"),
+ 'wrap' => gettext("Embedded kernel"),
+ 'Developers' => gettext("Developers kernel")
+);
+
require_once("xmlrpc_client.inc");
/* Allow additional execution time 0 = no limit. */
@@ -111,7 +118,7 @@ if(is_subsystem_dirty('firmwarelock')) {
exit;
}
-if($_POST['kerneltype']) {
+if($_POST['kerneltype'] && in_array($_POST['kerneltype'], array_keys($kerneltypes))) {
if($_POST['kerneltype'] == "single")
system("touch /boot/kernel/pfsense_kernel.txt");
else
@@ -275,10 +282,9 @@ if(stristr($_FILES['ulfile']['name'],"nanobsd"))
if($g['platform'] == "pfSense") {
echo gettext("Please select kernel type") , ": ";
echo "<select name='kerneltype'>";
- echo "<option value='SMP'>" . gettext("Multiprocessor kernel") . "</option>";
- echo "<option value='single'>". gettext("Uniprocessor kernel") . "</option>";
- echo "<option value='wrap'>" . gettext("Embedded kernel") . "</option>";
- echo "<option value='Developers'>" . gettext("Developers kernel") . "</option>";
+ foreach($kerneltypes as $kerntype => $kerndescr) {
+ echo "<option value='{$kerntype}'>{$kerndescr}</option>";
+ }
echo "</select>";
echo "<br><br>";
}
OpenPOWER on IntegriCloud