author | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:35:57 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:42:32 -0300 |
commit | 0e6cf71b17cc57c40aebc64359c1a27e2515b7b7 (patch) | |
tree | 8e409a77838a21da4644e4d3f39d05acf17a4952 /usr/local | |
parent | 3b77ba4a2a96a388682d564c3b9b7517bbbfdb21 (diff) | |
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integers; also pass them through htmlspecialchars() before printing
Diffstat (limited to 'usr/local')
66 files changed, 234 insertions, 194 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index f787d1e..57ce1f3 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -92,8 +92,9 @@ function alias_same_type($name, $type) { return true; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_aliases[$id]) { diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 8f54686..12afa3d 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -70,8 +70,9 @@ if (!is_array($config['nat']['onetoone'])) { } $a_1to1 = &$config['nat']['onetoone']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_1to1[$id]) { diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index b879481..0b25304 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -56,16 +56,17 @@ if (!is_array($config['nat']['rule'])) { } $a_nat = &$config['nat']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { $id = $_GET['dup']; $after = $_GET['dup']; } 
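Review bot: The new GET check in firewall_aliases_edit.php calls `is_numericint($_GET['id'])` without the `isset()` guard that the POST check right below it has, so a request without `id` reads an undefined index; `if (isset($_GET['id']) && is_numericint($_GET['id']))` would keep the two branches symmetric. The same four lines are pasted into most of the *_edit.php files in this commit (firewall_nat_1to1_edit.php, firewall_nat_npt_edit.php, the interfaces_*_edit.php pages and others), and interfaces_groups_edit.php loses the `isset($_GET['id'])` it had before. A small shared helper that returns the validated id or leaves it unset would remove the repetition and the chance of the copies drifting apart. is_numericint() is defined outside this diff, so what it accepts (sign, leading zeros, very long digit strings) should be confirmed there.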
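Review bot: In firewall_nat_edit.php the POST branch for `after` validates the wrong superglobal: `if (isset($_POST['after']) && is_numericint($_GET['after']))` checks the query-string value and then assigns `$_POST['after']` unchecked. As written, a POST-only `after` is dropped, and when the query string carries a numeric `after` the POST value is accepted whatever it contains. The condition should read `if (isset($_POST['after']) && is_numericint($_POST['after']))`. The identical line appears in the firewall_nat_out_edit.php and firewall_rules_edit.php hunks and needs the same correction.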
@@ -105,7 +106,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['srcendport'] = "any"; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); /* run through $_POST items encoding HTML entties so that the user @@ -804,7 +805,7 @@ include("fbegin.inc"); ?> </select> </td> </tr> - <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?> + <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> <tr id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> @@ -835,7 +836,7 @@ include("fbegin.inc"); ?> </td> </tr> <?php endif; ?> - <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?> + <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> <tr id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php index 583490f..70dd97c 100644 --- a/usr/local/www/firewall_nat_npt_edit.php +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -69,8 +69,9 @@ if (!is_array($config['nat']['npt'])) { } $a_npt = &$config['nat']['npt']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_npt[$id]) { diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index a187afd..aae4319 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php 
@@ -58,19 +58,19 @@ if (!is_array($config['aliases']['alias'])) $config['aliases']['alias'] = array(); $a_aliases = &$config['aliases']['alias']; -$id = $_GET['id']; -if (isset($_POST['id'])) { +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -} - -$after = $_GET['after']; -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_out[$id]) { @@ -109,9 +109,8 @@ if (isset($id) && $a_out[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_GET['dup'])) { - unset($id); -} +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) + unset($id); if ($_POST) { if ($_POST['destination_type'] == "any") { diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index d4efe51..10192cb 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -81,18 +81,19 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -$id = $_GET['id']; -if (is_numeric($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { 
@@ -202,7 +203,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } else { @@ -216,7 +217,7 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); read_altq_config(); /* XXX: */ diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php index 5de6a27..b02dbd1 100644 --- a/usr/local/www/firewall_schedule_edit.php +++ b/usr/local/www/firewall_schedule_edit.php @@ -74,9 +74,9 @@ if (!is_array($config['schedules']['schedule'])) $a_schedules = &$config['schedules']['schedule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_schedules[$id]) { diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 3a3cb3d..3703d55 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -192,7 +192,7 @@ if ($_GET['act'] == "del") { exit; } } -} else if ($_GET['changes'] == "mods") +} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) $id = $_GET['id']; $pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses")); 
@@ -224,7 +224,7 @@ include("head.inc"); ?> </td></tr> <tr> - <td><input type="hidden" id="id" name="id" value="<?php echo $id; ?>" /></td> + <td><input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" /></td> </tr> <tr> <td> diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index b97b593..966719e 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -58,10 +58,10 @@ if (!is_array($config['virtualip']['vip'])) { } $a_vip = &$config['virtualip']['vip']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; function return_first_two_octets($ip) { $ip_split = explode(".", $ip); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 0d452c7..4e92762 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -2769,7 +2769,7 @@ $types6 = array("none" => gettext("None"), "staticv6" => gettext("Static IPv6"), <br/> <input id="save" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> - <input name="if" type="hidden" id="if" value="<?=$if;?>" /> + <input name="if" type="hidden" id="if" value="<?=htmlspecialchars($if);?>" /> <?php if ($wancfg['if'] == $a_ppps[$pppid]['if']) : ?> <input name="ppp_port" type="hidden" value="<?=htmlspecialchars($pconfig['port']);?>" /> <?php endif; ?> diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 1565abc..8ef6043 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php 
@@ -51,8 +51,9 @@ foreach ($ifacelist as $bif => $bdescr) { unset($ifacelist[$bif]); } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_bridges[$id]) { diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index b5eb89c..4add083 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -45,9 +45,9 @@ if (!is_array($config['gifs']['gif'])) $a_gifs = &$config['gifs']['gif']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gifs[$id]) { diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index 984def3..5d97cd6 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php @@ -46,9 +46,9 @@ if (!is_array($config['gres']['gre'])) $a_gres = &$config['gres']['gre']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gres[$id]) { diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 6551323..a5960be 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -49,9 +49,9 @@ if (!is_array($config['ifgroups']['ifgroupentry'])) $a_ifgroups = &$config['ifgroups']['ifgroupentry']; -if (isset($_GET['id'])) +if (is_numericint($_GET['id'])) $id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ifgroups[$id]) { 
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index 26595f9..af4846e 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -64,8 +64,9 @@ foreach ($checklist as $tmpif) $laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin"); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_laggs[$id]) { diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php index efa6f89..fe0e1e8 100644 --- a/usr/local/www/interfaces_ppps_edit.php +++ b/usr/local/www/interfaces_ppps_edit.php @@ -64,8 +64,9 @@ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { } } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ppps[$id]) { diff --git a/usr/local/www/interfaces_qinq_edit.php b/usr/local/www/interfaces_qinq_edit.php index adb584a..093f3a2 100755 --- a/usr/local/www/interfaces_qinq_edit.php +++ b/usr/local/www/interfaces_qinq_edit.php @@ -59,8 +59,9 @@ if (count($portlist) < 1) { exit; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_qinqs[$id]) { diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index ced8611..bae4dab 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php 
@@ -54,8 +54,9 @@ if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) { $portlist[$lagg['laggif']] = $lagg; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_vlans[$id]) { diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php index 71c4e85..a9c96a3 100644 --- a/usr/local/www/interfaces_wireless_edit.php +++ b/usr/local/www/interfaces_wireless_edit.php @@ -65,8 +65,9 @@ function clone_compare($a, $b) { $portlist = get_interface_list(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_clones[$id]) { diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php index 271b2f6..33fb7de 100755 --- a/usr/local/www/load_balancer_monitor_edit.php +++ b/usr/local/www/load_balancer_monitor_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['monitor_type'])) { } $a_monitor = &$config['load_balancer']['monitor_type']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_monitor[$id]) { $pconfig['name'] = $a_monitor[$id]['name']; diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index a47b8c8..c019d3c 100755 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php 
@@ -48,10 +48,10 @@ if (!is_array($config['load_balancer']['lbpool'])) { } $a_pool = &$config['load_balancer']['lbpool']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_pool[$id]) { $pconfig['name'] = $a_pool[$id]['name']; diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php index 44f0ecb..72904e7 100755 --- a/usr/local/www/load_balancer_relay_action_edit.php +++ b/usr/local/www/load_balancer_relay_action_edit.php @@ -45,10 +45,10 @@ if (!is_array($config['load_balancer']['lbaction'])) { } $a_action = &$config['load_balancer']['lbaction']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_action[$id]) { $pconfig = array(); diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php index 9dd02a0..6de04f6 100755 --- a/usr/local/www/load_balancer_relay_protocol_edit.php +++ b/usr/local/www/load_balancer_relay_protocol_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['lbprotocol'])) { } $a_protocol = &$config['load_balancer']['lbprotocol']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_protocol[$id]) { $pconfig = $a_protocol[$id]; diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index 4d7eb6a..63e7359 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php 
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['virtual_server'])) { } $a_vs = &$config['load_balancer']['virtual_server']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_vs[$id]) { $pconfig = $a_vs[$id]; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index a387ede..d8d5664 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -978,7 +978,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <?php echo "<input name='zone' id='zone' type='hidden' value='{$cpzone}'/>"; ?> + <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "'/>"; ?> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)"> <a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a> </td> diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php index 285fd36..5ad51b4 100755 --- a/usr/local/www/services_captiveportal_filemanager.php +++ b/usr/local/www/services_captiveportal_filemanager.php 
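Review bot: In services_captiveportal.php the escaped value is placed in a single-quoted attribute (`value='" . htmlspecialchars($cpzone) . "'`), and htmlspecialchars() with the default flags of the PHP versions of this era (ENT_COMPAT) leaves `'` unescaped, so the attribute is not fully protected. Passing the flag explicitly, `htmlspecialchars($cpzone, ENT_QUOTES)`, or writing the attribute with double quotes as the other captive portal pages in this commit do, closes that gap. Where `$cpzone` is assigned is outside the hunk, so whether it can ever contain a quote should be checked there.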
@@ -138,7 +138,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_filemanager.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($input_errors) print_input_errors($input_errors); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index f9b2a8a..e39d529 100755 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -98,7 +98,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_hostname.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index f7f3308..b5316b2 100755 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -72,8 +72,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['allowedhostname'])) 
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 2a3d50f..0c53f4f 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -93,7 +93,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_ip.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index f16532c..7473fc3 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -73,8 +73,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index 1f516de..bac686b 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php 
@@ -150,7 +150,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_mac.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>"/> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>"/> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (is_subsystem_dirty('passthrumac')): ?><p> <?php print_info_box_np(gettext("The captive portal MAC address configuration has been changed.<br>You must apply the changes in order for them to take effect."));?><br> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index da41e0a..76a67f7 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -70,8 +70,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['passthrumac'])) diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index a7edc3d..9fecd0e 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php 
@@ -629,7 +629,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> + <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" /> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true); before_save();"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php index daf5565..83f55c2 100644 --- a/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/usr/local/www/services_captiveportal_vouchers_edit.php @@ -67,8 +67,9 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) { } $a_roll = &$config['voucher'][$cpzone]['roll']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_roll[$id]) { diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index a132478..2bca379 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -86,8 +86,9 @@ $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php index a4e48e6..c746321 100644 --- a/usr/local/www/services_dhcpv6_edit.php +++ b/usr/local/www/services_dhcpv6_edit.php 
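Review bot: The `exponent` hidden field directly below the changed line in services_captiveportal_vouchers.php is still printed raw (`value="<?=$pconfig['exponent'];?>"`), although the commit escapes the `zone` field next to it. The same applies to the `refid` field beside the newly escaped `id` in the first system_camanager.php hunk. Where these `$pconfig` values are populated is not visible in the diff; if they can carry request or imported data, they should be wrapped the same way, e.g. `<?=htmlspecialchars($pconfig['exponent']);?>`.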
@@ -82,8 +82,9 @@ $ifcfgipv6 = get_interface_ipv6($if); $ifcfgsnv6 = get_interface_subnetv6($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php index 3cf2fc3..048ce28 100755 --- a/usr/local/www/services_dnsmasq_domainoverride_edit.php +++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php @@ -45,9 +45,10 @@ if (!is_array($config['dnsmasq']['domainoverrides'])) { } $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_domainOverrides[$id]) { $pconfig['domain'] = $a_domainOverrides[$id]['domain']; diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php index 33a7918..d6e0b61 100755 --- a/usr/local/www/services_dnsmasq_edit.php +++ b/usr/local/www/services_dnsmasq_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['dnsmasq']['hosts'])) $a_hosts = &$config['dnsmasq']['hosts']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_hosts[$id]) { diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php index 09f9e6b..adc6710 100644 --- a/usr/local/www/services_dyndns_edit.php +++ b/usr/local/www/services_dyndns_edit.php 
@@ -56,8 +56,9 @@ if (!is_array($config['dyndnses']['dyndns'])) { $a_dyndns = &$config['dyndnses']['dyndns']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_dyndns[$id])) { diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php index 92fb71b..9d5fda5 100755 --- a/usr/local/www/services_igmpproxy_edit.php +++ b/usr/local/www/services_igmpproxy_edit.php @@ -53,8 +53,9 @@ if (!is_array($config['igmpproxy']['igmpentry'])) //igmpproxy_sort(); $a_igmpproxy = &$config['igmpproxy']['igmpentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_igmpproxy[$id]) { diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index 965940f..ebd977d 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -37,8 +37,9 @@ if (!is_array($config['dnsupdates']['dnsupdate'])) { $a_rfc2136 = &$config['dnsupdates']['dnsupdate']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_rfc2136[$id])) { diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php index ca31048..437e7bcb 100755 --- a/usr/local/www/services_wol_edit.php +++ b/usr/local/www/services_wol_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['wol']['wolentry'])) { } $a_wol = &$config['wol']['wolentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_wol[$id]) { 
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index 2325b3c..5288258 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -188,7 +188,7 @@ $mac_man = load_mac_manufacturer_table(); <?php endif; ?> <form action="status_captiveportal.php" method="get" style="margin: 14px;"> -<input type="hidden" name="order" value="<?=$_GET['order'];?>" /> +<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>" /> <?php if (!empty($cpzone)): ?> <?php if ($_GET['showact']): ?> <input type="hidden" name="showact" value="0" /> @@ -197,7 +197,7 @@ $mac_man = load_mac_manufacturer_table(); <input type="hidden" name="showact" value="1" /> <input type="submit" class="formbtn" value="<?=gettext("Show last activity");?>" /> <?php endif; ?> -<input type="hidden" name="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php endif; ?> </form> <?php include("fend.inc"); ?> diff --git a/usr/local/www/status_captiveportal_expire.php b/usr/local/www/status_captiveportal_expire.php index 048df4d..48d3f05 100644 --- a/usr/local/www/status_captiveportal_expire.php +++ b/usr/local/www/status_captiveportal_expire.php @@ -88,7 +88,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php index 8e7ece7..a0cafbd 100644 --- a/usr/local/www/status_captiveportal_test.php +++ b/usr/local/www/status_captiveportal_test.php 
@@ -90,7 +90,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php index 47da215..f18c9b5 100755 --- a/usr/local/www/status_wireless.php +++ b/usr/local/www/status_wireless.php @@ -89,7 +89,7 @@ display_top_tabs($tab_array); </td></tr> <tr><td> <div id="mainarea" class="tabcont"> -<input type="hidden" name="if" id="if" value="<?php echo $if; ?>"> +<input type="hidden" name="if" id="if" value="<?php echo htmlspecialchars($if); ?>"> <b><input type="submit" name="rescanwifi" id="rescanwifi" value="Rescan"></b><br/><br/> <b><?php echo gettext("Nearby access points or ad-hoc peers"); ?></b> <table class="tabcont sortable" colspan="3" cellpadding="3" width="100%"> diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php index da1aef3..a7b1cee 100644 --- a/usr/local/www/system_advanced_sysctl.php +++ b/usr/local/www/system_advanced_sysctl.php @@ -50,8 +50,9 @@ if (!is_array($config['sysctl']['item'])) $a_tunable = &$config['sysctl']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; 
@@ -257,7 +258,7 @@ include("head.inc"); <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> <?php if (isset($id) && $a_tunable[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index 66b188e..e24e913 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -44,8 +44,9 @@ require_once("auth.inc"); $pgtitle = array(gettext("System"), gettext("Authentication Servers")); $shortcut_section = "authentication"; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['authserver'])) @@ -788,7 +789,7 @@ function select_clicked() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index a659239..0eb743a 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -50,8 +50,9 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Authority Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
@@ -369,7 +370,7 @@ function method_change() { <form action="system_camanager.php" method="post" name="iform" id="iform"> <?php if ($act == "edit"): ?> <input type="hidden" name="edit" value="edit" id="edit" /> - <input type="hidden" name="id" value="<?php echo $id; ?>" id="id" /> + <input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" /> <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" /> <?php endif; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> @@ -577,7 +578,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $a_ca[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 7acc2eb..38993c6 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -56,18 +56,21 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Manager")); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; -if (is_numeric($userid)) { + +if (isset($userid)) { $cert_methods["existing"] = gettext("Choose an existing certificate"); if (!is_array($config['system']['user'])) $config['system']['user'] = array(); $a_user =& $config['system']['user']; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
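Review bot: In the `@@ -369,7 +370,7 @@` hunk of system_camanager.php the `refid` hidden input one line below the changed line is still written as `<?php echo $pconfig['refid']; ?>` without escaping. Where `$pconfig['refid']` is populated is outside the hunk; if it can be filled from request data it lands in the same kind of double-quoted attribute that the commit just protected for `id`. Escaping it the same way, `value="<?php echo htmlspecialchars($pconfig['refid']); ?>"`, keeps the two adjacent fields consistent regardless of where the value comes from.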
@@ -969,7 +972,7 @@ function internalca_change() { <td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td> <td width="78%" class="vtable"> <?php if (isset($userid) && $a_user): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif;?> <select name='certref' class="formselect"> <?php @@ -1003,7 +1006,7 @@ function internalca_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -1056,7 +1059,7 @@ function internalca_change() { <?php endif; */ ?> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="csr" /> <?php endif;?> </td> diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 3b6bb5f..5d244a1 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -49,8 +49,9 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
@@ -388,7 +389,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $thiscrl): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -419,7 +420,7 @@ function method_change() { <td width="22%" valign="top"> </td> <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="editimported" /> </td> </tr> @@ -637,4 +638,4 @@ method_change(); </script> </body> -</html>
\ No newline at end of file +</html> diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index fadc283..ecab27a 100755 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -55,13 +55,13 @@ $categories = array('down' => gettext("Member Down"), 'downlatency' => gettext("High Latency"), 'downlosslatency' => gettext("Packet Loss or High Latency")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateway_groups[$id]) { $pconfig['name'] = $a_gateway_groups[$id]['name']; @@ -70,7 +70,7 @@ if (isset($id) && $a_gateway_groups[$id]) { $pconfig['trigger'] = $a_gateway_groups[$id]['trigger']; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index b82bb31..4e46a16 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -55,13 +55,13 @@ if (!is_array($config['gateways']['gateway_item'])) $a_gateway_item = &$config['gateways']['gateway_item']; $apinger_default = return_apinger_defaults(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateways[$id]) { $pconfig = array(); 
@@ -86,7 +86,7 @@ if (isset($id) && $a_gateways[$id]) { $pconfig['attribute'] = $a_gateways[$id]['attribute']; } -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); unset($pconfig['attribute']); } diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php index 29f0193..1c20a07 100644 --- a/usr/local/www/system_groupmanager_addprivs.php +++ b/usr/local/www/system_groupmanager_addprivs.php @@ -55,8 +55,9 @@ require("guiconfig.inc"); $pgtitle = array(gettext("System"),gettext("Group manager"),gettext("Add privileges")); -$groupid = $_GET['groupid']; -if (isset($_POST['groupid'])) +if (is_numericint($_GET['groupid'])) + $groupid = $_GET['groupid']; +if (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) $groupid = $_POST['groupid']; $a_group = & $config['system']['group'][$groupid]; @@ -224,7 +225,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($groupid)): ?> - <input name="groupid" type="hidden" value="<?=$groupid;?>" /> + <input name="groupid" type="hidden" value="<?=htmlspecialchars($groupid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index 631fab0..93a0f7c 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php 
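Review bot: In system_groupmanager_addprivs.php, `$a_group = & $config['system']['group'][$groupid];` on the line after the new checks now runs with `$groupid` undefined whenever neither parameter passes is_numericint(). Binding a reference to a missing array element creates it, so a rejected or absent `groupid` would add an empty-key entry to the in-memory group list instead of stopping the page. A guard placed before the reference, such as `if (!isset($groupid)) { header("Location: <GROUP_LIST_PAGE>"); exit; }`, would make the rejection explicit; the target is a placeholder because the rest of the page is outside the hunk. system_usermanager_addprivs.php has the same shape with `$userid` and `$a_user`.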
@@ -63,13 +63,13 @@ if (!is_array($config['staticroutes']['route'])) $a_routes = &$config['staticroutes']['route']; $a_gateways = return_gateways_array(true, true); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_routes[$id]) { list($pconfig['network'],$pconfig['network_subnet']) = @@ -79,7 +79,7 @@ if (isset($id) && $a_routes[$id]) { $pconfig['disabled'] = isset($a_routes[$id]['disabled']); } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 5cdaae3..719b187 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -53,8 +53,9 @@ require("guiconfig.inc"); // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['user'])) @@ -773,7 +774,7 @@ function sshkeyClicked(obj) { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php index ba5aad9..b93ad9c 100644 --- a/usr/local/www/system_usermanager_addprivs.php +++ b/usr/local/www/system_usermanager_addprivs.php 
@@ -46,8 +46,9 @@ require("guiconfig.inc"); $pgtitle = array("System","User manager","Add privileges"); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; $a_user = & $config['system']['user'][$userid]; @@ -195,7 +196,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($userid)): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php index 4863943..fdb1b8f 100644 --- a/usr/local/www/vpn_ipsec_keys_edit.php +++ b/usr/local/www/vpn_ipsec_keys_edit.php @@ -46,8 +46,9 @@ if (!is_array($config['ipsec']['mobilekey'])) { ipsec_mobilekey_sort(); $a_secret = &$config['ipsec']['mobilekey']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 9d850df..f69cfd3 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php 
@@ -50,17 +50,17 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; -$p1index = $_GET['p1index']; -if (isset($_POST['p1index'])) +if (is_numericint($_GET['p1index'])) + $p1index = $_GET['p1index']; +if (isset($_POST['p1index']) && is_numericint($_GET['p1index'])) $p1index = $_POST['p1index']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p1index = $_GET['dup']; -} if (isset($p1index) && $a_phase1[$p1index]) { // don't copy the ikeid on dup - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['ikeid'] = $a_phase1[$p1index]['ikeid']; $old_ph1ent = $a_phase1[$p1index]; @@ -132,7 +132,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p1index); if ($_POST) { @@ -892,7 +892,7 @@ function dpdchkbox_change() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p1index) && $a_phase1[$p1index]): ?> - <input name="p1index" type="hidden" value="<?=$p1index;?>"/> + <input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>"/> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"/> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index cec02ed..b2643c7 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php 
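Review bot: The POST check for `p1index` in vpn_ipsec_phase1.php validates the wrong superglobal: `if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))` tests the GET value and then assigns `$_POST['p1index']` unchecked. A POST value is therefore accepted without validation whenever the query string carries a numeric `p1index`, and it is dropped when the form is posted without one, which would presumably make a saved edit lose its index. The condition should read `if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))`. vpn_ipsec_phase2.php repeats the same slip for `p2index`.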
@@ -51,11 +51,12 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase2 = &$config['ipsec']['phase2']; -$p2index = $_GET['p2index']; -if (isset($_POST['p2index'])) +if (is_numericint($_GET['p2index'])) + $p2index = $_GET['p2index']; +if (isset($_POST['p2index']) && is_numericint($_GET['p2index'])) $p2index = $_POST['p2index']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p2index = $_GET['dup']; if (isset($p2index) && $a_phase2[$p2index]) @@ -99,7 +100,7 @@ else $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p2index); if ($_POST) { @@ -782,7 +783,7 @@ function change_protocol() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p2index) && $a_phase2[$p2index]): ?> - <input name="p2index" type="hidden" value="<?=$p2index;?>"/> + <input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>"/> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"/> diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php index bae2a10..f56298f 100644 --- a/usr/local/www/vpn_l2tp_users_edit.php +++ b/usr/local/www/vpn_l2tp_users_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['l2tp']['user'])) { } $a_secret = &$config['l2tp']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index c692959..bc4dfea 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php 
@@ -60,8 +60,9 @@ if (!is_array($config['crl'])) $a_crl =& $config['crl']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -922,7 +923,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/> <input name="act" type="hidden" value="<?=$act;?>"/> <?php if (isset($id) && $a_client[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"/> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"/> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index 0d12dfb..aebea01 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php @@ -45,8 +45,9 @@ if (!is_array($config['openvpn']['openvpn-csc'])) $a_csc = &$config['openvpn']['openvpn-csc']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -660,7 +661,7 @@ function netbios_change() { <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/> <input name="act" type="hidden" value="<?=$act;?>"/> <?php if (isset($id) && $a_csc[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"/> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"/> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4b47b3c..90e2b47 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php 
@@ -61,8 +61,9 @@ foreach ($a_crl as $cid => $acrl) if (!isset($acrl['refid'])) unset ($a_crl[$cid]); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -1672,7 +1673,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"/> <input name="act" type="hidden" value="<?=$act;?>"/> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php index e5e6403..b667da7 100755 --- a/usr/local/www/vpn_pppoe_edit.php +++ b/usr/local/www/vpn_pppoe_edit.php @@ -60,9 +60,10 @@ if (!is_array($config['pppoes']['pppoe'])) { } $a_pppoes = &$config['pppoes']['pppoe']; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_pppoes[$id]) { $pppoecfg =& $a_pppoes[$id]; diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index e058442..4d2acd3 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['pptpd']['user'])) { } $a_secret = &$config['pptpd']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { |