author | Ermal <eri@pfsense.org> | 2012-11-20 14:03:05 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-20 14:06:12 +0000 |
commit | b71f0cbb059eacb260f71ce671bd7b4dbae39c5e (patch) | |
tree | 637e2a00180ff1c3d0415e834e0c907370ef3995 /usr/local | |
parent | 64307806ab5b53a60a4343862f806be90e2eea79 (diff) | |
download | pfsense-b71f0cbb059eacb260f71ce671bd7b4dbae39c5e.zip pfsense-b71f0cbb059eacb260f71ce671bd7b4dbae39c5e.tar.gz |
Resolves #2294. Base64-encode the file when sending it to the browser, the same way it is encoded when it is sent to us. This prevents the CSRF protection from mangling things.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/edit.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php index 8e1272b..0036ca1 100644 --- a/usr/local/www/edit.php +++ b/usr/local/www/edit.php @@ -36,9 +36,6 @@ ##|*MATCH=edit.php* ##|-PRIV -//if($_POST['action'] === "load" || $_POST['action'] === "save") -// $nocsrf = true; - $pgtitle = array(gettext("Diagnostics"), gettext("Edit file")); require("guiconfig.inc"); @@ -56,6 +53,7 @@ if($_POST['action']) { if($data === false) { echo "|1|" . gettext("Failed to read file") . ".|"; } else { + $data = base64_encode($data); echo "|0|{$_POST['file']}|{$data}|"; } } @@ -117,8 +115,9 @@ outputJavaScriptFileInline("javascript/base64.js"); if(values.shift() == "0") { var file = values.shift(); + var fileContent = Base64.decode(values.join("|")); jQuery("#fileStatus").html("<?=gettext("File successfully loaded"); ?>."); - jQuery("#fileContent").val(values.join("|")); + jQuery("#fileContent").val(fileContent); var lang = "none"; if(file.indexOf(".php") > 0) lang = "php"; |
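Review bot: The file name is still echoed raw in `echo "|0|{$_POST['file']}|{$data}|";`, so the new `base64_encode` protects only the content field. A name containing `|` shifts the fields, and the client code in the third hunk would then pass part of the name into `Base64.decode(values.join("|"))`; the request value is also reflected unescaped into the response body, whose content type is not visible here. Encoding the name the same way, `echo "|0|" . base64_encode($_POST['file']) . "|{$data}|";`, with a matching `Base64.decode(values.shift())` on the client, would address both. The enclosing `if($_POST['action'])` block starts outside the hunk.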
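Review bot: Nothing near `var fileContent = Base64.decode(values.join("|"));` records the response format, which after this commit is status, file name, then Base64 content, separated by `|`. A one-line comment above it, such as `// response: |0|<file>|<base64 content>| (content is Base64 so it survives output rewriting)`, would keep the PHP and JavaScript sides in step. Since the Base64 alphabet contains no `|`, the `join("|")` now only matters when the file name itself contains one. It is also worth confirming that `Base64.decode` from `javascript/base64.js` (not shown) round-trips bytes that are not valid UTF-8, otherwise loading and then saving such a file could silently alter it. The surrounding function starts and ends outside the hunk.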