author | Evgeny Yurchenko <ey@tm-k.com> | 2011-05-31 05:05:58 -0400 |
---|---|---|
committer | Evgeny Yurchenko <ey@tm-k.com> | 2011-05-31 05:05:58 -0400 |
commit | 9d545c88c68539c6f7e6790d6d80e6ed4f51e179 (patch) | |
tree | ea09861f1b667de181758b6c2405aac04d1a0793 /usr/local | |
parent | 061f28bfd582d1f08d8dfe60f87fc4fd99ec0a93 (diff) | |
parent | 0ca52cfffdd7f043dbcca3159668992611504f86 (diff) | |
Merge remote branch 'origin/master'
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 13 | ||||
-rwxr-xr-x | usr/local/www/xmlrpc.php | 23 |
2 files changed, 21 insertions, 15 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 79f65f0..bd8f48d 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -253,19 +253,6 @@ if ($_POST) {
 unset($input_errors);
 $pconfig = $_POST;
- /* run through $_POST items encoding HTML entties so that the user
- * cannot think he is slick and perform a XSS attack on the unwilling
- */
- foreach ($_POST as $key => $value) {
- $temp = str_replace(">", "", $value);
-
- if (isset($_POST['floating']) && $key == "interface")
- continue;
- $newpost = htmlentities($temp);
- if($newpost <> $temp)
- $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp);
- }
-
 /* input validation */
 $reqdfields = explode(" ", "type proto");
 if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 97fbc45..500700a 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -271,8 +271,14 @@ $merge_config_section_sig = array(
 function merge_config_section_xmlrpc($raw_params) {
 global $config, $xmlrpc_g;
-
- return restore_config_section_xmlrpc($raw_params);
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
+ $config_new = array_overlay($config, $params[0]);
+ $config = $config_new;
+ $mergedkeys = implode(",", array_keys($params[0]));
+ write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
+ return $xmlrpc_g['return']['true'];
 }
 /*****************************/
@@ -448,4 +454,17 @@ $server = new XML_RPC_Server(
 unlock($xmlrpclockkey);
+ function array_overlay($a1,$a2)
+ {
+ foreach($a1 as $k => $v) {
+ if(!array_key_exists($k,$a2)) continue;
+ if(is_array($v) && is_array($a2[$k])){
+ $a1[$k] = array_overlay($v,$a2[$k]);
+ }else{
+ $a1[$k] = $a2[$k];
+ }
+ }
+ return $a1;
+ }
+
 ?> |
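Review bot: In the new body of `merge_config_section_xmlrpc`, `$params[0]` goes straight into `array_overlay()` and `array_keys()` with no check that it is an array, so a malformed call that still passes `xmlrpc_auth` reaches `write_config()`; an `is_array($params[0])` guard that returns an error before `$config` is touched would close that. The audit message is built from `array_keys($params[0])`, but `array_overlay` only applies keys that already exist in `$config`, so the log entry can name sections that were never changed; `$mergedkeys = implode(",", array_keys(array_intersect_key($params[0], $config)));` would record what was actually applied. As written, any top-level section present in `$config` can be overwritten by an authenticated caller; if this call is meant to sync only certain sections, an allowlist check belongs here before the overlay.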
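Review bot: `array_overlay` iterates only over the keys of `$a1`, so a key that exists in `$a2` but not in `$a1` is silently discarded at every nesting level, and a section or list entry missing on the receiving side is never created. That may be intended, but nothing in the hunk says so, and the caller's log text reads "Merged in config". The `else` branch also lets a scalar in `$a2` replace a whole array subtree of `$a1`, and `array_key_exists($k,$a2)` assumes `$a2` is an array on the first call. At minimum I would add a header comment such as `/* Overlay $a2 onto $a1: only keys already present in $a1 are replaced; keys found only in $a2 are ignored. */` and have the function return `$a1` unchanged when `$a2` is not an array.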