diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:35:57 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:42:49 -0300 |
commit | e41ec5848f21015068255c1d61d01edf442e8e7e (patch) | |
tree | 45c3214c1e3d638dbacb217cd3de95fb4aa6e770 /usr/local/www | |
parent | 49f3f28fea92114b09d3b2d8103398c4adcb3635 (diff) | |
download | pfsense-e41ec5848f21015068255c1d61d01edf442e8e7e.zip pfsense-e41ec5848f21015068255c1d61d01edf442e8e7e.tar.gz |
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print
Diffstat (limited to 'usr/local/www')
66 files changed, 232 insertions, 192 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index e5702f2..94ba206 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -92,8 +92,9 @@ function alias_same_type($name, $type) { return true; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_aliases[$id]) { diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 80587fd..15bfce2 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['nat']['onetoone'])) $a_1to1 = &$config['nat']['onetoone']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $after = $_GET['after']; diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index d9c3cc0..811d451 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -56,16 +56,17 @@ if (!is_array($config['nat']['rule'])) { } $a_nat = &$config['nat']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { $id = $_GET['dup']; $after = $_GET['dup']; } @@ -105,7 +106,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['srcendport'] = "any"; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); /* run through $_POST items encoding HTML entties so that the user @@ -804,7 +805,7 @@ include("fbegin.inc"); ?> </select> </td> </tr> - <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?> + <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> <tr name="assoctable" id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> @@ -835,7 +836,7 @@ include("fbegin.inc"); ?> </td> </tr> <?php endif; ?> - <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?> + <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> <tr name="assoctable" id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php index ace491d..87ccacb 100644 --- a/usr/local/www/firewall_nat_npt_edit.php +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -69,8 +69,9 @@ if (!is_array($config['nat']['npt'])) { } $a_npt = &$config['nat']['npt']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_npt[$id]) { diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 5e113a5..1d2e79d 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -58,19 +58,19 @@ if (!is_array($config['aliases']['alias'])) $config['aliases']['alias'] = array(); $a_aliases = &$config['aliases']['alias']; -$id = $_GET['id']; -if (isset($_POST['id'])) { +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -} - -$after = $_GET['after']; -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_out[$id]) { @@ -110,9 +110,8 @@ if (isset($id) && $a_out[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); -} if ($_POST) { if ($_POST['destination_type'] == "any") { diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 47bee3b..769c540 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -81,18 +81,19 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -$id = $_GET['id']; -if (is_numeric($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { @@ -203,7 +204,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; $pconfig['tracker'] = $a_filter[$id]['tracker']; @@ -219,7 +220,7 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); read_altq_config(); /* XXX: */ diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php index f430682..5cc6870 100644 --- a/usr/local/www/firewall_schedule_edit.php +++ b/usr/local/www/firewall_schedule_edit.php @@ -74,9 +74,9 @@ if (!is_array($config['schedules']['schedule'])) $a_schedules = &$config['schedules']['schedule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_schedules[$id]) { diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index b081c46..7d17938 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -190,7 +190,7 @@ if ($_GET['act'] == "del") { exit; } } -} else if ($_GET['changes'] == "mods") +} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) $id = $_GET['id']; $pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses")); @@ -222,7 +222,7 @@ include("head.inc"); ?> </td></tr> <tr> - <td><input type="hidden" id="id" name="id" value="<?php echo $id; ?>" /></td> + <td><input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" /></td> </tr> <tr> <td> diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 4fbaa65..3a9fe94 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -58,10 +58,10 @@ if (!is_array($config['virtualip']['vip'])) { } $a_vip = &$config['virtualip']['vip']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; function return_first_two_octets($ip) { $ip_split = explode(".", $ip); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index de9f69f..244f7e8 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -3291,7 +3291,7 @@ $types6 = array("none" => gettext("None"), "staticv6" => gettext("Static IPv6"), <br/> <input id="save" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> - <input name="if" type="hidden" id="if" value="<?=$if;?>" /> + <input name="if" type="hidden" id="if" value="<?=htmlspecialchars($if);?>" /> <?php if ($wancfg['if'] == $a_ppps[$pppid]['if']) : ?> <input name="ppp_port" type="hidden" value="<?=htmlspecialchars($pconfig['port']);?>" /> <?php endif; ?> diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 36a9b1a..6b1ff3c 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -51,8 +51,9 @@ foreach ($ifacelist as $bif => $bdescr) { unset($ifacelist[$bif]); } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_bridges[$id]) { diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index 5d091ca..464d980 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -45,9 +45,9 @@ if (!is_array($config['gifs']['gif'])) $a_gifs = &$config['gifs']['gif']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gifs[$id]) { diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index bd3e420..56f72b9 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php @@ -46,9 +46,9 @@ if (!is_array($config['gres']['gre'])) $a_gres = &$config['gres']['gre']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gres[$id]) { diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 09053c7..77812dd 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -49,9 +49,9 @@ if (!is_array($config['ifgroups']['ifgroupentry'])) $a_ifgroups = &$config['ifgroups']['ifgroupentry']; -if (isset($_GET['id'])) +if (is_numericint($_GET['id'])) $id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ifgroups[$id]) { diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index a830172..fb4758b 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -64,8 +64,9 @@ foreach ($checklist as $tmpif) $laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin"); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_laggs[$id]) { diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php index 353b4b5..48df691 100644 --- a/usr/local/www/interfaces_ppps_edit.php +++ b/usr/local/www/interfaces_ppps_edit.php @@ -64,8 +64,9 @@ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { } } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ppps[$id]) { diff --git a/usr/local/www/interfaces_qinq_edit.php b/usr/local/www/interfaces_qinq_edit.php index 242b26d..93d98c4 100755 --- a/usr/local/www/interfaces_qinq_edit.php +++ b/usr/local/www/interfaces_qinq_edit.php @@ -59,8 +59,9 @@ if (count($portlist) < 1) { exit; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_qinqs[$id]) { diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index acd78e2..a93b687 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -54,8 +54,9 @@ if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) { $portlist[$lagg['laggif']] = $lagg; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_vlans[$id]) { diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php index b34f266..67aefaa 100644 --- a/usr/local/www/interfaces_wireless_edit.php +++ b/usr/local/www/interfaces_wireless_edit.php @@ -65,8 +65,9 @@ function clone_compare($a, $b) { $portlist = get_interface_list(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_clones[$id]) { diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php index 1a4206c..7df311e 100755 --- a/usr/local/www/load_balancer_monitor_edit.php +++ b/usr/local/www/load_balancer_monitor_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['monitor_type'])) { } $a_monitor = &$config['load_balancer']['monitor_type']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_monitor[$id]) { $pconfig['name'] = $a_monitor[$id]['name']; diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index 13a114a..29f7f19 100755 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php @@ -48,10 +48,10 @@ if (!is_array($config['load_balancer']['lbpool'])) { } $a_pool = &$config['load_balancer']['lbpool']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_pool[$id]) { $pconfig['name'] = $a_pool[$id]['name']; diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php index edbea87..51f5245 100755 --- a/usr/local/www/load_balancer_relay_action_edit.php +++ b/usr/local/www/load_balancer_relay_action_edit.php @@ -45,10 +45,10 @@ if (!is_array($config['load_balancer']['lbaction'])) { } $a_action = &$config['load_balancer']['lbaction']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_action[$id]) { $pconfig = array(); diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php index 387d00d..c2593a6 100755 --- a/usr/local/www/load_balancer_relay_protocol_edit.php +++ b/usr/local/www/load_balancer_relay_protocol_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['lbprotocol'])) { } $a_protocol = &$config['load_balancer']['lbprotocol']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_protocol[$id]) { $pconfig = $a_protocol[$id]; diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index db7a49f..a326370 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['virtual_server'])) { } $a_vs = &$config['load_balancer']['virtual_server']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_vs[$id]) { $pconfig = $a_vs[$id]; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 3bf53f7..ade0b8f 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -1061,7 +1061,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <?php echo "<input name='zone' id='zone' type='hidden' value='{$cpzone}'/>"; ?> + <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "'/>"; ?> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)"> <a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a> </td> diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php index 0b81d23..34d87a6 100755 --- a/usr/local/www/services_captiveportal_filemanager.php +++ b/usr/local/www/services_captiveportal_filemanager.php @@ -138,7 +138,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_filemanager.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($input_errors) print_input_errors($input_errors); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index d23f0e8..2d1fba1 100755 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -98,7 +98,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_hostname.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index cf01f18..707473c 100755 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -72,8 +72,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['allowedhostname'])) diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 3465d07..ab5f965 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -93,7 +93,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_ip.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index f91d680..0ecef07 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -73,8 +73,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index e636f7b..2d66ab5 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -143,7 +143,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_mac.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>"/> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>"/> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (is_subsystem_dirty('passthrumac')): ?><p> <?php print_info_box_np(gettext("The captive portal MAC address configuration has been changed.<br>You must apply the changes in order for them to take effect."));?><br> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index e03454d..7302c23 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -73,8 +73,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['passthrumac'])) diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index cef0078..1decac5 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -629,7 +629,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> + <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" /> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true); before_save();"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php index bddb389..79e6001 100644 --- a/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/usr/local/www/services_captiveportal_vouchers_edit.php @@ -67,8 +67,9 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) { } $a_roll = &$config['voucher'][$cpzone]['roll']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_roll[$id]) { diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index d7ade1c..5f9767c 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -86,8 +86,9 @@ $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php index 32ac04a..40f71ca 100644 --- a/usr/local/www/services_dhcpv6_edit.php +++ b/usr/local/www/services_dhcpv6_edit.php @@ -82,8 +82,9 @@ $ifcfgipv6 = get_interface_ipv6($if); $ifcfgsnv6 = get_interface_subnetv6($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php index 8d0fce8..1e595da 100755 --- a/usr/local/www/services_dnsmasq_domainoverride_edit.php +++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php @@ -45,9 +45,10 @@ if (!is_array($config['dnsmasq']['domainoverrides'])) { } $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_domainOverrides[$id]) { $pconfig['domain'] = $a_domainOverrides[$id]['domain']; diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php index c56f759..4efeafd 100755 --- a/usr/local/www/services_dnsmasq_edit.php +++ b/usr/local/www/services_dnsmasq_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['dnsmasq']['hosts'])) $a_hosts = &$config['dnsmasq']['hosts']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_hosts[$id]) { diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php index 67da1ad..0284988 100644 --- a/usr/local/www/services_dyndns_edit.php +++ b/usr/local/www/services_dyndns_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['dyndnses']['dyndns'])) { $a_dyndns = &$config['dyndnses']['dyndns']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_dyndns[$id])) { diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php index 92fb71b..9d5fda5 100755 --- a/usr/local/www/services_igmpproxy_edit.php +++ b/usr/local/www/services_igmpproxy_edit.php @@ -53,8 +53,9 @@ if (!is_array($config['igmpproxy']['igmpentry'])) //igmpproxy_sort(); $a_igmpproxy = &$config['igmpproxy']['igmpentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_igmpproxy[$id]) { diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index d2bf4a3..44b2422 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -37,8 +37,9 @@ if (!is_array($config['dnsupdates']['dnsupdate'])) { $a_rfc2136 = &$config['dnsupdates']['dnsupdate']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_rfc2136[$id])) { diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php index c829631..a4cf4ed 100755 --- a/usr/local/www/services_wol_edit.php +++ b/usr/local/www/services_wol_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['wol']['wolentry'])) { } $a_wol = &$config['wol']['wolentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_wol[$id]) { diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index d84e9b2..0acbe89 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -188,7 +188,7 @@ $mac_man = load_mac_manufacturer_table(); <?php endif; ?> <form action="status_captiveportal.php" method="get" style="margin: 14px;"> -<input type="hidden" name="order" value="<?=$_GET['order'];?>" /> +<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>" /> <?php if (!empty($cpzone)): ?> <?php if ($_GET['showact']): ?> <input type="hidden" name="showact" value="0" /> @@ -197,7 +197,7 @@ $mac_man = load_mac_manufacturer_table(); <input type="hidden" name="showact" value="1" /> <input type="submit" class="formbtn" value="<?=gettext("Show last activity");?>" /> <?php endif; ?> -<input type="hidden" name="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php endif; ?> </form> <?php include("fend.inc"); ?> diff --git a/usr/local/www/status_captiveportal_expire.php b/usr/local/www/status_captiveportal_expire.php index 048df4d..48d3f05 100644 --- a/usr/local/www/status_captiveportal_expire.php +++ b/usr/local/www/status_captiveportal_expire.php @@ -88,7 +88,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php index 8e7ece7..a0cafbd 100644 --- a/usr/local/www/status_captiveportal_test.php +++ b/usr/local/www/status_captiveportal_test.php @@ -90,7 +90,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php index 47da215..f18c9b5 100755 --- a/usr/local/www/status_wireless.php +++ b/usr/local/www/status_wireless.php @@ -89,7 +89,7 @@ display_top_tabs($tab_array); </td></tr> <tr><td> <div id="mainarea" class="tabcont"> -<input type="hidden" name="if" id="if" value="<?php echo $if; ?>"> +<input type="hidden" name="if" id="if" value="<?php echo htmlspecialchars($if); ?>"> <b><input type="submit" name="rescanwifi" id="rescanwifi" value="Rescan"></b><br/><br/> <b><?php echo gettext("Nearby access points or ad-hoc peers"); ?></b> <table class="tabcont sortable" colspan="3" cellpadding="3" width="100%"> diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php index da1aef3..a7b1cee 100644 --- a/usr/local/www/system_advanced_sysctl.php +++ b/usr/local/www/system_advanced_sysctl.php @@ -50,8 +50,9 @@ if (!is_array($config['sysctl']['item'])) $a_tunable = &$config['sysctl']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -257,7 +258,7 @@ include("head.inc"); <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> <?php if (isset($id) && $a_tunable[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index cbf5ebd..6b5c502 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -44,8 +44,9 @@ require_once("auth.inc"); $pgtitle = array(gettext("System"), gettext("Authentication Servers")); $shortcut_section = "authentication"; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['authserver'])) @@ -788,7 +789,7 @@ function select_clicked() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index ebbb882..63669e4 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -50,8 +50,9 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Authority Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) @@ -369,7 +370,7 @@ function method_change() { <form action="system_camanager.php" method="post" name="iform" id="iform"> <?php if ($act == "edit"): ?> <input type="hidden" name="edit" value="edit" id="edit" /> - <input type="hidden" name="id" value="<?php echo $id; ?>" id="id" /> + <input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" /> <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" /> <?php endif; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> @@ -577,7 +578,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $a_ca[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index ff422de..c761a75 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -56,18 +56,21 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Manager")); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; -if (is_numeric($userid)) { + +if (isset($userid)) { $cert_methods["existing"] = gettext("Choose an existing certificate"); if (!is_array($config['system']['user'])) $config['system']['user'] = array(); $a_user =& $config['system']['user']; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) @@ -975,7 +978,7 @@ function internalca_change() { <td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td> <td width="78%" class="vtable"> <?php if (isset($userid) && $a_user): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif;?> <select name='certref' class="formselect"> <?php @@ -1009,7 +1012,7 @@ function internalca_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -1062,7 +1065,7 @@ function internalca_change() { <?php endif; */ ?> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="csr" /> <?php endif;?> </td> diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 6390a9e..0e3f230 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -49,8 +49,9 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) @@ -388,7 +389,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $thiscrl): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -419,7 +420,7 @@ function method_change() { <td width="22%" valign="top"> </td> <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="editimported" /> </td> </tr> @@ -637,4 +638,4 @@ method_change(); </script> </body> -</html>
\ No newline at end of file +</html> diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index 1656e9a..11a35d2 100755 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -55,13 +55,13 @@ $categories = array('down' => gettext("Member Down"), 'downlatency' => gettext("High Latency"), 'downlosslatency' => gettext("Packet Loss or High Latency")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateway_groups[$id]) { $pconfig['name'] = $a_gateway_groups[$id]['name']; @@ -70,7 +70,7 @@ if (isset($id) && $a_gateway_groups[$id]) { $pconfig['trigger'] = $a_gateway_groups[$id]['trigger']; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index f28a34d..a3357ef 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -55,13 +55,13 @@ if (!is_array($config['gateways']['gateway_item'])) $a_gateway_item = &$config['gateways']['gateway_item']; $apinger_default = return_apinger_defaults(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateways[$id]) { $pconfig = array(); @@ -94,7 +94,7 @@ if (isset($id) && $a_gateways[$id]) { $pconfig['disabled'] = isset($a_gateways[$id]['disabled']); } -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); unset($pconfig['attribute']); } diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php index f4e0dd0..ac48a35 100644 --- a/usr/local/www/system_groupmanager_addprivs.php +++ b/usr/local/www/system_groupmanager_addprivs.php @@ -55,8 +55,9 @@ require("guiconfig.inc"); $pgtitle = array(gettext("System"),gettext("Group manager"),gettext("Add privileges")); -$groupid = $_GET['groupid']; -if (isset($_POST['groupid'])) +if (is_numericint($_GET['groupid'])) + $groupid = $_GET['groupid']; +if (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) $groupid = $_POST['groupid']; $a_group = & $config['system']['group'][$groupid]; @@ -224,7 +225,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($groupid)): ?> - <input name="groupid" type="hidden" value="<?=$groupid;?>" /> + <input name="groupid" type="hidden" value="<?=htmlspecialchars($groupid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index 4fc531e..e6ab87f 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php @@ -50,13 +50,13 @@ if (!is_array($config['staticroutes']['route'])) $a_routes = &$config['staticroutes']['route']; $a_gateways = return_gateways_array(true, true); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_routes[$id]) { list($pconfig['network'],$pconfig['network_subnet']) = @@ -66,7 +66,7 @@ if (isset($id) && $a_routes[$id]) { $pconfig['disabled'] = isset($a_routes[$id]['disabled']); } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 4754941..a424932 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -53,8 +53,9 @@ require("guiconfig.inc"); // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['user'])) @@ -774,7 +775,7 @@ function sshkeyClicked(obj) { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php index 8a69310..ff7cc64 100644 --- a/usr/local/www/system_usermanager_addprivs.php +++ b/usr/local/www/system_usermanager_addprivs.php @@ -46,8 +46,9 @@ require("guiconfig.inc"); $pgtitle = array("System","User manager","Add privileges"); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; $a_user = & $config['system']['user'][$userid]; @@ -195,7 +196,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($userid)): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php index a561990..2983954 100644 --- a/usr/local/www/vpn_ipsec_keys_edit.php +++ b/usr/local/www/vpn_ipsec_keys_edit.php @@ -46,8 +46,9 @@ if (!is_array($config['ipsec']['mobilekey'])) { ipsec_mobilekey_sort(); $a_secret = &$config['ipsec']['mobilekey']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index baf761b..d59534e 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -50,17 +50,17 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; -$p1index = $_GET['p1index']; -if (isset($_POST['p1index'])) +if (is_numericint($_GET['p1index'])) + $p1index = $_GET['p1index']; +if (isset($_POST['p1index']) && is_numericint($_GET['p1index'])) $p1index = $_POST['p1index']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p1index = $_GET['dup']; -} if (isset($p1index) && $a_phase1[$p1index]) { // don't copy the ikeid on dup - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['ikeid'] = $a_phase1[$p1index]['ikeid']; $old_ph1ent = $a_phase1[$p1index]; @@ -131,7 +131,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p1index); if ($_POST) { @@ -866,7 +866,7 @@ function dpdchkbox_change() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p1index) && $a_phase1[$p1index]): ?> - <input name="p1index" type="hidden" value="<?=$p1index;?>"> + <input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>"> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 9254b6b..79c7ae2 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -51,11 +51,12 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase2 = &$config['ipsec']['phase2']; -$p2index = $_GET['p2index']; -if (isset($_POST['p2index'])) +if (is_numericint($_GET['p2index'])) + $p2index = $_GET['p2index']; +if (isset($_POST['p2index']) && is_numericint($_GET['p2index'])) $p2index = $_POST['p2index']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p2index = $_GET['dup']; if (isset($p2index) && $a_phase2[$p2index]) @@ -99,7 +100,7 @@ else $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p2index); if ($_POST) { @@ -781,7 +782,7 @@ function change_protocol() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p2index) && $a_phase2[$p2index]): ?> - <input name="p2index" type="hidden" value="<?=$p2index;?>"> + <input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>"> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"> diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php index f4ef5f0..1dd0a82 100644 --- a/usr/local/www/vpn_l2tp_users_edit.php +++ b/usr/local/www/vpn_l2tp_users_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['l2tp']['user'])) { } $a_secret = &$config['l2tp']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 5604b32..ff5c555 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -60,8 +60,9 @@ if (!is_array($config['crl'])) $a_crl =& $config['crl']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -944,7 +945,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input name="act" type="hidden" value="<?=$act;?>"> <?php if (isset($id) && $a_client[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index 6272eb1..50e63eb 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php @@ -45,8 +45,9 @@ if (!is_array($config['openvpn']['openvpn-csc'])) $a_csc = &$config['openvpn']['openvpn-csc']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -732,7 +733,7 @@ function netbios_change() { <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input name="act" type="hidden" value="<?=$act;?>"> <?php if (isset($id) && $a_csc[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index aedff32..0ae8421 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -61,8 +61,9 @@ foreach ($a_crl as $cid => $acrl) if (!isset($acrl['refid'])) unset ($a_crl[$cid]); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -1735,7 +1736,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input name="act" type="hidden" value="<?=$act;?>"> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php index dfdbf91..662e6ff 100755 --- a/usr/local/www/vpn_pppoe_edit.php +++ b/usr/local/www/vpn_pppoe_edit.php @@ -60,8 +60,9 @@ if (!is_array($config['pppoes']['pppoe'])) { } $a_pppoes = &$config['pppoes']['pppoe']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_pppoes[$id]) { diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index 24c0063..e32ab9c 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['pptpd']['user'])) { } $a_secret = &$config['pptpd']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { |