diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2008-02-12 04:40:35 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2008-02-12 04:40:35 +0000 |
commit | d8c1a6c53c524714ad61dbcced0040108312a260 (patch) | |
tree | 6db2c41cf27483aa10c475cc19f0ff219a679296 /usr/local/www | |
parent | 017648626c9e36526edd3a6212650f431ac16841 (diff) | |
download | pfsense-d8c1a6c53c524714ad61dbcced0040108312a260.zip pfsense-d8c1a6c53c524714ad61dbcced0040108312a260.tar.gz |
Make scripts XSS input safe.
Pointed-out: by hoopercharles@gmail.com
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/diag_logs_filter_dynamic.php | 2 | ||||
-rwxr-xr-x | usr/local/www/pkg.php | 4 | ||||
-rwxr-xr-x | usr/local/www/pkg_edit.php | 9 | ||||
-rwxr-xr-x | usr/local/www/pkg_mgr.php | 2 | ||||
-rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 28 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec_edit.php | 5 | ||||
-rwxr-xr-x | usr/local/www/wizard.php | 13 |
7 files changed, 31 insertions, 32 deletions
diff --git a/usr/local/www/diag_logs_filter_dynamic.php b/usr/local/www/diag_logs_filter_dynamic.php index ab11f8e..90f9fcc 100755 --- a/usr/local/www/diag_logs_filter_dynamic.php +++ b/usr/local/www/diag_logs_filter_dynamic.php @@ -157,7 +157,7 @@ function convert_port_period_to_colon($addr) { else $newvar = $addr_split[0] . "." . $addr_split[1] . "." . $addr_split[2] . "." . $addr_split[3] . ":" . $addr_split[4]; if($newvar == "...") - return $addr; + return ""; return $newvar; } diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index 813d338..cdcd431 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -39,7 +39,7 @@ function gentitle_pkg($pgname) { return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname; } -$xml = $_GET['xml']; +$xml = htmlspecialchars($_GET['xml']); if($xml == "") { print_info_box_np(gettext("ERROR: No package defined.")); @@ -107,7 +107,7 @@ include("head.inc"); include("fbegin.inc"); ?> <form action="pkg.php" method="post"> -<? if($_GET['savemsg'] <> "") $savemsg = $_GET['savemsg']; ?> +<? if($_GET['savemsg'] <> "") $savemsg = htmlspecialchars($_GET['savemsg']); ?> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <?php diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index f7a5bc7..5a5ffdf 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -39,9 +39,8 @@ function gentitle_pkg($pgname) { return $pfSense_config['system']['hostname'] . "." . $pfSense_config['system']['domain'] . " - " . $pgname; } -// XXX: Make this input safe. -$xml = $_GET['xml']; -if($_POST['xml']) $xml = $_POST['xml']; +$xml = htmlspecialchars($_GET['xml']); +if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); if($xml == "") { print_info_box_np(gettext("ERROR: No package defined.")); @@ -68,7 +67,7 @@ $pgtitle = $title; $id = $_GET['id']; if (isset($_POST['id'])) - $id = $_POST['id']; + $id = htmlspecialchars($_POST['id']); if($pkg['custom_php_global_functions'] <> "") eval($pkg['custom_php_global_functions']); @@ -80,7 +79,7 @@ if(!is_array($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['con $a_pkg = &$config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config']; if($_GET['savemsg'] <> "") - $savemsg = $_GET['savemsg']; + $savemsg = htmlspecialchars($_GET['savemsg']); if($pkg['custom_php_command_before_form'] <> "") eval($pkg['custom_php_command_before_form']); diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php index 1287198..e59d73c 100755 --- a/usr/local/www/pkg_mgr.php +++ b/usr/local/www/pkg_mgr.php @@ -48,7 +48,7 @@ if($pkg_info) { if (! empty($_GET)) { if (isset($_GET['ver'])) { - $requested_version = $_GET['ver']; + $requested_version = htmlspecialchars($_GET['ver']); } } diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index a1038a6..931e8d0 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -118,28 +118,28 @@ switch($_GET['mode']) { case "delete": $id = get_pkg_id($_GET['pkg']); $todel = substr(reverse_strrchr($config['installedpackages']['package'][$id]['depends_on_package'], "."), 0, -1); - delete_package($todel, $_GET['pkg']); - delete_package_xml($_GET['pkg']); + delete_package($todel, htmlspecialchars($_GET['pkg'])); + delete_package_xml(htmlspecialchars($_GET['pkg'])); update_status("Package deleted."); $static_output .= "\nPackage deleted."; update_output_window($static_output); break; case "reinstallpkg": - $id = get_pkg_id($_GET['pkg']); + $id = get_pkg_id(htmlspecialchars($_GET['pkg'])); $todel = substr(reverse_strrchr($config['installedpackages']['package'][$id]['depends_on_package'], "."), 0, -1); - delete_package($todel, $_GET['pkg']); - delete_package_xml($_GET['pkg']); - install_package($_GET['pkg']); + delete_package($todel, htmlspecialchars($_GET['pkg'])); + delete_package_xml(htmlspecialchars($_GET['pkg'])); + install_package(htmlspecialchars($_GET['pkg'])); update_status("Package reinstalled."); $static_output .= "\n\nPackage reinstalled."; - start_service($_GET['pkg']); + start_service(htmlspecialchars($_GET['pkg'])); update_output_window($static_output); break; case "reinstallxml": - delete_package_xml($_GET['pkg']); - install_package($_GET['pkg']); + delete_package_xml(htmlspecialchars($_GET['pkg'])); + install_package(htmlspecialchars($_GET['pkg'])); $static_output .= "\n\nPackage reinstalled."; - start_service($_GET['pkg']); + start_service(htmlspecialchars($_GET['pkg'])); update_output_window($static_output); break; case "reinstallall": @@ -157,16 +157,16 @@ switch($_GET['mode']) { } update_status("All packages reinstalled."); $static_output .= "\n\nAll packages reinstalled."; - start_service($_GET['pkg']); + start_service(htmlspecialchars($_GET['pkg'])); update_output_window($static_output); break; default: - $status = install_package($_GET['id']); + $status = install_package(htmlspecialchars($_GET['id'])); if($status == -1) { - update_status("Installation of {$_GET['id']} FAILED!"); + update_status("Installation of " . htmlspecialchars($_GET['id']) . " FAILED!"); $static_output .= "\n\nInstallation halted."; } else { - update_status("Installation of {$_GET['id']} completed."); + update_status("Installation of " . htmlspecialchars($_GET['id']) . " completed."); $static_output .= "\n\nInstallation completed. Please check to make sure that the package is configured from the respective menu then start the package."; } update_output_window($static_output); diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php index 5e047eb..8bd3295 100755 --- a/usr/local/www/vpn_ipsec_edit.php +++ b/usr/local/www/vpn_ipsec_edit.php @@ -54,7 +54,8 @@ if (isset($id) && $a_ipsec[$id]) { if($config['interfaces']['lan']) $pconfig['localnet'] = "lan"; } else { - address_to_pconfig_vpn($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']); + if($config['interfaces']['lan']) + address_to_pconfig_vpn($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']); } if ($a_ipsec[$id]['interface']) @@ -657,4 +658,4 @@ function address_to_pconfig_vpn($adr, &$padr, &$pmask) { } } -?> +?>
\ No newline at end of file diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 2290099..64a5229 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php @@ -34,14 +34,13 @@ function gentitle_pkg($pgname) { return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname; } -$stepid = $_GET['stepid']; +$stepid = htmlspecialchars($_GET['stepid']); if (isset($_POST['stepid'])) - $stepid = $_POST['stepid']; + $stepid = htmlspecialchars($_POST['stepid']); if (!$stepid) $stepid = "0"; -// XXX: Make this input safe. -$xml = $_GET['xml']; -if($_POST['xml']) $xml = $_POST['xml']; +$xml = htmlspecialchars($_GET['xml']); +if($_POST['xml']) $xml = htmlspecialchars($_POST['xml']); if($xml == "") { $xml = "not_defined"; @@ -232,9 +231,9 @@ function enablechange() { <tr><td colspan='2'> <?php if ($_GET['message'] != "") - print_info_box($_GET['message']); + print_info_box(htmlspecialchars($_GET['message'])); if ($_POST['message'] != "") - print_info_box($_POST['message']); + print_info_box(htmlspecialchars($_POST['message'])); ?></td></tr> <tr><td colspan='2'><center><b><?= fixup_string($description) ?></b></center></td></tr><tr><td> </td></tr> <?php |