author | Ermal <eri@pfsense.org> | 2012-11-20 14:05:01 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-20 14:05:24 +0000 |
commit | 6acfbc6f4942c0eedb60678e20fa0abfeb7d21e3 (patch) | |
tree | e6bcd75af96e25802e4334c5a740331c80c5dd0b /usr/local | |
parent | a6f64d307678097ae6257ca9183b2dcd6aea673c (diff) | |
Resolves #2294. Base64 encode the file when sending to the browser same way it is encoded when sent to us. This prevents csrf from mangling things
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/edit.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index a87dfa4..84d366e 100644
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -53,6 +53,7 @@ if($_POST['action']) {
 if($data === false) {
 echo "|1|" . gettext("Failed to read file") . ".|";
 } else {
+ $data = base64_encode($data);
 echo "|0|{$_POST['file']}|{$data}|";
 }
 }
@@ -114,8 +115,9 @@ outputJavaScriptFileInline("javascript/base64.js");
 if(values.shift() == "0") {
 var file = values.shift();
+ var fileContent = Base64.decode(values.join("|"));
 $("fileStatus").innerHTML = "<?=gettext("File successfully loaded"); ?>.";
- $("fileContent").value = values.join("|");
+ $("fileContent").value = fileContent;
 var lang = "none";
 if(file.indexOf(".php") > 0) lang = "php"; |
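Review bot: Only `$data` is encoded; the `echo` on the following line still interpolates `{$_POST['file']}` raw into the same `|`-delimited response, so a `|` in the submitted name shifts the fields the client splits on, and the request value is reflected back unescaped. Encoding that field as well, e.g. `echo "|0|" . base64_encode($_POST['file']) . "|{$data}|";` with a matching decode on the client, would make the whole response delimiter-safe; rejecting names that contain `|` is the smaller alternative. If this response is served with an HTML content type (not visible here), the reflected name should also go through `htmlspecialchars()`. The enclosing `if($_POST['action'])` block starts and ends outside the hunk.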
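Review bot: `values.join("|")` on the added `fileContent` line is a leftover from the pre-encoding format: base64 output cannot contain `|`, and because the server response ends with a trailing `|` the joined string probably carries a stray `|` into `Base64.decode`. Taking the single field, `var fileContent = Base64.decode(values.shift());`, makes the format explicit and does not rely on the decoder silently dropping non-alphabet characters. A short comment such as `// payload is base64, so '|' inside the file can no longer break the field split` would record why the decode is there. How `values` is built is outside this hunk, as is whether `Base64.decode` in javascript/base64.js applies a UTF-8 decoding step that would alter files that are not valid UTF-8; both are worth confirming.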