summaryrefslogtreecommitdiffstats
path: root/usr/local
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-03-12 11:35:57 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-03-12 11:42:49 -0300
commite41ec5848f21015068255c1d61d01edf442e8e7e (patch)
tree45c3214c1e3d638dbacb217cd3de95fb4aa6e770 /usr/local
parent49f3f28fea92114b09d3b2d8103398c4adcb3635 (diff)
downloadpfsense-e41ec5848f21015068255c1d61d01edf442e8e7e.zip
pfsense-e41ec5848f21015068255c1d61d01edf442e8e7e.tar.gz
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print
Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php5
-rwxr-xr-xusr/local/www/firewall_nat_1to1_edit.php5
-rwxr-xr-xusr/local/www/firewall_nat_edit.php19
-rw-r--r--usr/local/www/firewall_nat_npt_edit.php5
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php21
-rwxr-xr-xusr/local/www/firewall_rules_edit.php21
-rw-r--r--usr/local/www/firewall_schedule_edit.php6
-rwxr-xr-xusr/local/www/firewall_virtual_ip.php4
-rwxr-xr-xusr/local/www/firewall_virtual_ip_edit.php6
-rwxr-xr-xusr/local/www/interfaces.php2
-rw-r--r--usr/local/www/interfaces_bridge_edit.php5
-rw-r--r--usr/local/www/interfaces_gif_edit.php6
-rw-r--r--usr/local/www/interfaces_gre_edit.php6
-rwxr-xr-xusr/local/www/interfaces_groups_edit.php4
-rw-r--r--usr/local/www/interfaces_lagg_edit.php5
-rw-r--r--usr/local/www/interfaces_ppps_edit.php5
-rwxr-xr-xusr/local/www/interfaces_qinq_edit.php5
-rwxr-xr-xusr/local/www/interfaces_vlan_edit.php5
-rw-r--r--usr/local/www/interfaces_wireless_edit.php5
-rwxr-xr-xusr/local/www/load_balancer_monitor_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_pool_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_relay_action_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_relay_protocol_edit.php6
-rwxr-xr-xusr/local/www/load_balancer_virtual_server_edit.php6
-rwxr-xr-xusr/local/www/services_captiveportal.php2
-rwxr-xr-xusr/local/www/services_captiveportal_filemanager.php2
-rwxr-xr-xusr/local/www/services_captiveportal_hostname.php2
-rwxr-xr-xusr/local/www/services_captiveportal_hostname_edit.php5
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php2
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php5
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php2
-rwxr-xr-xusr/local/www/services_captiveportal_mac_edit.php5
-rw-r--r--usr/local/www/services_captiveportal_vouchers.php2
-rw-r--r--usr/local/www/services_captiveportal_vouchers_edit.php5
-rwxr-xr-xusr/local/www/services_dhcp_edit.php5
-rw-r--r--usr/local/www/services_dhcpv6_edit.php5
-rwxr-xr-xusr/local/www/services_dnsmasq_domainoverride_edit.php7
-rwxr-xr-xusr/local/www/services_dnsmasq_edit.php5
-rw-r--r--usr/local/www/services_dyndns_edit.php5
-rwxr-xr-xusr/local/www/services_igmpproxy_edit.php5
-rw-r--r--usr/local/www/services_rfc2136_edit.php5
-rwxr-xr-xusr/local/www/services_wol_edit.php5
-rwxr-xr-xusr/local/www/status_captiveportal.php4
-rw-r--r--usr/local/www/status_captiveportal_expire.php2
-rw-r--r--usr/local/www/status_captiveportal_test.php2
-rwxr-xr-xusr/local/www/status_wireless.php2
-rw-r--r--usr/local/www/system_advanced_sysctl.php7
-rw-r--r--usr/local/www/system_authservers.php7
-rw-r--r--usr/local/www/system_camanager.php9
-rw-r--r--usr/local/www/system_certmanager.php19
-rw-r--r--usr/local/www/system_crlmanager.php11
-rwxr-xr-xusr/local/www/system_gateway_groups_edit.php10
-rwxr-xr-xusr/local/www/system_gateways_edit.php10
-rw-r--r--usr/local/www/system_groupmanager_addprivs.php7
-rwxr-xr-xusr/local/www/system_routes_edit.php10
-rw-r--r--usr/local/www/system_usermanager.php7
-rw-r--r--usr/local/www/system_usermanager_addprivs.php7
-rw-r--r--usr/local/www/vpn_ipsec_keys_edit.php5
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php14
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php11
-rw-r--r--usr/local/www/vpn_l2tp_users_edit.php5
-rw-r--r--usr/local/www/vpn_openvpn_client.php7
-rw-r--r--usr/local/www/vpn_openvpn_csc.php7
-rw-r--r--usr/local/www/vpn_openvpn_server.php7
-rwxr-xr-xusr/local/www/vpn_pppoe_edit.php5
-rwxr-xr-xusr/local/www/vpn_pptp_users_edit.php5
66 files changed, 232 insertions, 192 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index e5702f2..94ba206 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -92,8 +92,9 @@ function alias_same_type($name, $type) {
return true;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_aliases[$id]) {
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 80587fd..15bfce2 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -56,8 +56,9 @@ if (!is_array($config['nat']['onetoone']))
$a_1to1 = &$config['nat']['onetoone'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$after = $_GET['after'];
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index d9c3cc0..811d451 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -56,16 +56,17 @@ if (!is_array($config['nat']['rule'])) {
}
$a_nat = &$config['nat']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-$after = $_GET['after'];
-
-if (isset($_POST['after']))
+if (is_numericint($_GET['after']))
+ $after = $_GET['after'];
+if (isset($_POST['after']) && is_numericint($_GET['after']))
$after = $_POST['after'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
$id = $_GET['dup'];
$after = $_GET['dup'];
}
@@ -105,7 +106,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['srcendport'] = "any";
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
/* run through $_POST items encoding HTML entties so that the user
@@ -804,7 +805,7 @@ include("fbegin.inc"); ?>
</select>
</td>
</tr>
- <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
+ <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?>
<tr name="assoctable" id="assoctable">
<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
<td width="78%" class="vtable">
@@ -835,7 +836,7 @@ include("fbegin.inc"); ?>
</td>
</tr>
<?php endif; ?>
- <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?>
+ <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?>
<tr name="assoctable" id="assoctable">
<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
<td width="78%" class="vtable">
diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php
index ace491d..87ccacb 100644
--- a/usr/local/www/firewall_nat_npt_edit.php
+++ b/usr/local/www/firewall_nat_npt_edit.php
@@ -69,8 +69,9 @@ if (!is_array($config['nat']['npt'])) {
}
$a_npt = &$config['nat']['npt'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_npt[$id]) {
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index 5e113a5..1d2e79d 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -58,19 +58,19 @@ if (!is_array($config['aliases']['alias']))
$config['aliases']['alias'] = array();
$a_aliases = &$config['aliases']['alias'];
-$id = $_GET['id'];
-if (isset($_POST['id'])) {
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-}
-
-$after = $_GET['after'];
-if (isset($_POST['after']))
+if (is_numericint($_GET['after']))
+ $after = $_GET['after'];
+if (isset($_POST['after']) && is_numericint($_GET['after']))
$after = $_POST['after'];
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_out[$id]) {
@@ -110,9 +110,8 @@ if (isset($id) && $a_out[$id]) {
$pconfig['interface'] = "wan";
}
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
-}
if ($_POST) {
if ($_POST['destination_type'] == "any") {
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 47bee3b..769c540 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -81,18 +81,19 @@ if (!is_array($config['filter']['rule'])) {
filter_rules_sort();
$a_filter = &$config['filter']['rule'];
-$id = $_GET['id'];
-if (is_numeric($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-$after = $_GET['after'];
-
-if (isset($_POST['after']))
+if (is_numericint($_GET['after']))
+ $after = $_GET['after'];
+if (isset($_POST['after']) && is_numericint($_GET['after']))
$after = $_POST['after'];
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_filter[$id]) {
@@ -203,7 +204,7 @@ if (isset($id) && $a_filter[$id]) {
$pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']);
$pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']);
$pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']);
- if (!isset($_GET['dup']))
+ if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
$pconfig['tracker'] = $a_filter[$id]['tracker'];
@@ -219,7 +220,7 @@ if (isset($id) && $a_filter[$id]) {
/* Allow the FloatingRules to work */
$if = $pconfig['interface'];
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
read_altq_config(); /* XXX: */
diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php
index f430682..5cc6870 100644
--- a/usr/local/www/firewall_schedule_edit.php
+++ b/usr/local/www/firewall_schedule_edit.php
@@ -74,9 +74,9 @@ if (!is_array($config['schedules']['schedule']))
$a_schedules = &$config['schedules']['schedule'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_schedules[$id]) {
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index b081c46..7d17938 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -190,7 +190,7 @@ if ($_GET['act'] == "del") {
exit;
}
}
-} else if ($_GET['changes'] == "mods")
+} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id']))
$id = $_GET['id'];
$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses"));
@@ -222,7 +222,7 @@ include("head.inc");
?>
</td></tr>
<tr>
- <td><input type="hidden" id="id" name="id" value="<?php echo $id; ?>" /></td>
+ <td><input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" /></td>
</tr>
<tr>
<td>
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index 4fbaa65..3a9fe94 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -58,10 +58,10 @@ if (!is_array($config['virtualip']['vip'])) {
}
$a_vip = &$config['virtualip']['vip'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
function return_first_two_octets($ip) {
$ip_split = explode(".", $ip);
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index de9f69f..244f7e8 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -3291,7 +3291,7 @@ $types6 = array("none" => gettext("None"), "staticv6" => gettext("Static IPv6"),
<br/>
<input id="save" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<input id="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" />
- <input name="if" type="hidden" id="if" value="<?=$if;?>" />
+ <input name="if" type="hidden" id="if" value="<?=htmlspecialchars($if);?>" />
<?php if ($wancfg['if'] == $a_ppps[$pppid]['if']) : ?>
<input name="ppp_port" type="hidden" value="<?=htmlspecialchars($pconfig['port']);?>" />
<?php endif; ?>
diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php
index 36a9b1a..6b1ff3c 100644
--- a/usr/local/www/interfaces_bridge_edit.php
+++ b/usr/local/www/interfaces_bridge_edit.php
@@ -51,8 +51,9 @@ foreach ($ifacelist as $bif => $bdescr) {
unset($ifacelist[$bif]);
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_bridges[$id]) {
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php
index 5d091ca..464d980 100644
--- a/usr/local/www/interfaces_gif_edit.php
+++ b/usr/local/www/interfaces_gif_edit.php
@@ -45,9 +45,9 @@ if (!is_array($config['gifs']['gif']))
$a_gifs = &$config['gifs']['gif'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_gifs[$id]) {
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index bd3e420..56f72b9 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -46,9 +46,9 @@ if (!is_array($config['gres']['gre']))
$a_gres = &$config['gres']['gre'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_gres[$id]) {
diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php
index 09053c7..77812dd 100755
--- a/usr/local/www/interfaces_groups_edit.php
+++ b/usr/local/www/interfaces_groups_edit.php
@@ -49,9 +49,9 @@ if (!is_array($config['ifgroups']['ifgroupentry']))
$a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-if (isset($_GET['id']))
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_ifgroups[$id]) {
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php
index a830172..fb4758b 100644
--- a/usr/local/www/interfaces_lagg_edit.php
+++ b/usr/local/www/interfaces_lagg_edit.php
@@ -64,8 +64,9 @@ foreach ($checklist as $tmpif)
$laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin");
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_laggs[$id]) {
diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php
index 353b4b5..48df691 100644
--- a/usr/local/www/interfaces_ppps_edit.php
+++ b/usr/local/www/interfaces_ppps_edit.php
@@ -64,8 +64,9 @@ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
}
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_ppps[$id]) {
diff --git a/usr/local/www/interfaces_qinq_edit.php b/usr/local/www/interfaces_qinq_edit.php
index 242b26d..93d98c4 100755
--- a/usr/local/www/interfaces_qinq_edit.php
+++ b/usr/local/www/interfaces_qinq_edit.php
@@ -59,8 +59,9 @@ if (count($portlist) < 1) {
exit;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_qinqs[$id]) {
diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php
index acd78e2..a93b687 100755
--- a/usr/local/www/interfaces_vlan_edit.php
+++ b/usr/local/www/interfaces_vlan_edit.php
@@ -54,8 +54,9 @@ if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) {
$portlist[$lagg['laggif']] = $lagg;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_vlans[$id]) {
diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php
index b34f266..67aefaa 100644
--- a/usr/local/www/interfaces_wireless_edit.php
+++ b/usr/local/www/interfaces_wireless_edit.php
@@ -65,8 +65,9 @@ function clone_compare($a, $b) {
$portlist = get_interface_list();
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_clones[$id]) {
diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php
index 1a4206c..7df311e 100755
--- a/usr/local/www/load_balancer_monitor_edit.php
+++ b/usr/local/www/load_balancer_monitor_edit.php
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['monitor_type'])) {
}
$a_monitor = &$config['load_balancer']['monitor_type'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_monitor[$id]) {
$pconfig['name'] = $a_monitor[$id]['name'];
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index 13a114a..29f7f19 100755
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -48,10 +48,10 @@ if (!is_array($config['load_balancer']['lbpool'])) {
}
$a_pool = &$config['load_balancer']['lbpool'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_pool[$id]) {
$pconfig['name'] = $a_pool[$id]['name'];
diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php
index edbea87..51f5245 100755
--- a/usr/local/www/load_balancer_relay_action_edit.php
+++ b/usr/local/www/load_balancer_relay_action_edit.php
@@ -45,10 +45,10 @@ if (!is_array($config['load_balancer']['lbaction'])) {
}
$a_action = &$config['load_balancer']['lbaction'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_action[$id]) {
$pconfig = array();
diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php
index 387d00d..c2593a6 100755
--- a/usr/local/www/load_balancer_relay_protocol_edit.php
+++ b/usr/local/www/load_balancer_relay_protocol_edit.php
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['lbprotocol'])) {
}
$a_protocol = &$config['load_balancer']['lbprotocol'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_protocol[$id]) {
$pconfig = $a_protocol[$id];
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index db7a49f..a326370 100755
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['virtual_server'])) {
}
$a_vs = &$config['load_balancer']['virtual_server'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-else
+if (is_numericint($_GET['id']))
$id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_vs[$id]) {
$pconfig = $a_vs[$id];
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 3bf53f7..ade0b8f 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -1061,7 +1061,7 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <?php echo "<input name='zone' id='zone' type='hidden' value='{$cpzone}'/>"; ?>
+ <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "'/>"; ?>
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)">
<a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a>
</td>
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 0b81d23..34d87a6 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -138,7 +138,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_filemanager.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php if ($input_errors) print_input_errors($input_errors); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php
index d23f0e8..2d1fba1 100755
--- a/usr/local/www/services_captiveportal_hostname.php
+++ b/usr/local/www/services_captiveportal_hostname.php
@@ -98,7 +98,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_hostname.php" method="post">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php
index cf01f18..707473c 100755
--- a/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/usr/local/www/services_captiveportal_hostname_edit.php
@@ -72,8 +72,9 @@ if (!is_array($config['captiveportal']))
$config['captiveportal'] = array();
$a_cp =& $config['captiveportal'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($a_cp[$cpzone]['allowedhostname']))
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 3465d07..ab5f965 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -93,7 +93,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_ip.php" method="post">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index f91d680..0ecef07 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -73,8 +73,9 @@ if (!is_array($config['captiveportal']))
$config['captiveportal'] = array();
$a_cp =& $config['captiveportal'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['captiveportal'][$cpzone]['allowedip']))
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index e636f7b..2d66ab5 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -143,7 +143,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_mac.php" method="post">
-<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>"/>
+<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>"/>
<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (is_subsystem_dirty('passthrumac')): ?><p>
<?php print_info_box_np(gettext("The captive portal MAC address configuration has been changed.<br>You must apply the changes in order for them to take effect."));?><br>
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index e03454d..7302c23 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -73,8 +73,9 @@ if (!is_array($config['captiveportal']))
$config['captiveportal'] = array();
$a_cp =& $config['captiveportal'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($a_cp[$cpzone]['passthrumac']))
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index cef0078..1decac5 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -629,7 +629,7 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" />
+ <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" />
<input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" />
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true); before_save();">
<input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php
index bddb389..79e6001 100644
--- a/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -67,8 +67,9 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) {
}
$a_roll = &$config['voucher'][$cpzone]['roll'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_roll[$id]) {
diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php
index d7ade1c..5f9767c 100755
--- a/usr/local/www/services_dhcp_edit.php
+++ b/usr/local/www/services_dhcp_edit.php
@@ -86,8 +86,9 @@ $ifcfgip = get_interface_ip($if);
$ifcfgsn = get_interface_subnet($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_maps[$id]) {
diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php
index 32ac04a..40f71ca 100644
--- a/usr/local/www/services_dhcpv6_edit.php
+++ b/usr/local/www/services_dhcpv6_edit.php
@@ -82,8 +82,9 @@ $ifcfgipv6 = get_interface_ipv6($if);
$ifcfgsnv6 = get_interface_subnetv6($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_maps[$id]) {
diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php
index 8d0fce8..1e595da 100755
--- a/usr/local/www/services_dnsmasq_domainoverride_edit.php
+++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php
@@ -45,9 +45,10 @@ if (!is_array($config['dnsmasq']['domainoverrides'])) {
}
$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
if (isset($id) && $a_domainOverrides[$id]) {
$pconfig['domain'] = $a_domainOverrides[$id]['domain'];
diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php
index c56f759..4efeafd 100755
--- a/usr/local/www/services_dnsmasq_edit.php
+++ b/usr/local/www/services_dnsmasq_edit.php
@@ -59,8 +59,9 @@ if (!is_array($config['dnsmasq']['hosts']))
$a_hosts = &$config['dnsmasq']['hosts'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_hosts[$id]) {
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index 67da1ad..0284988 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -56,8 +56,9 @@ if (!is_array($config['dyndnses']['dyndns'])) {
$a_dyndns = &$config['dyndnses']['dyndns'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && isset($a_dyndns[$id])) {
diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php
index 92fb71b..9d5fda5 100755
--- a/usr/local/www/services_igmpproxy_edit.php
+++ b/usr/local/www/services_igmpproxy_edit.php
@@ -53,8 +53,9 @@ if (!is_array($config['igmpproxy']['igmpentry']))
//igmpproxy_sort();
$a_igmpproxy = &$config['igmpproxy']['igmpentry'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_igmpproxy[$id]) {
diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php
index d2bf4a3..44b2422 100644
--- a/usr/local/www/services_rfc2136_edit.php
+++ b/usr/local/www/services_rfc2136_edit.php
@@ -37,8 +37,9 @@ if (!is_array($config['dnsupdates']['dnsupdate'])) {
$a_rfc2136 = &$config['dnsupdates']['dnsupdate'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && isset($a_rfc2136[$id])) {
diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php
index c829631..a4cf4ed 100755
--- a/usr/local/www/services_wol_edit.php
+++ b/usr/local/www/services_wol_edit.php
@@ -56,8 +56,9 @@ if (!is_array($config['wol']['wolentry'])) {
}
$a_wol = &$config['wol']['wolentry'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_wol[$id]) {
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php
index d84e9b2..0acbe89 100755
--- a/usr/local/www/status_captiveportal.php
+++ b/usr/local/www/status_captiveportal.php
@@ -188,7 +188,7 @@ $mac_man = load_mac_manufacturer_table();
<?php endif; ?>
<form action="status_captiveportal.php" method="get" style="margin: 14px;">
-<input type="hidden" name="order" value="<?=$_GET['order'];?>" />
+<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>" />
<?php if (!empty($cpzone)): ?>
<?php if ($_GET['showact']): ?>
<input type="hidden" name="showact" value="0" />
@@ -197,7 +197,7 @@ $mac_man = load_mac_manufacturer_table();
<input type="hidden" name="showact" value="1" />
<input type="submit" class="formbtn" value="<?=gettext("Show last activity");?>" />
<?php endif; ?>
-<input type="hidden" name="zone" value="<?=$cpzone;?>" />
+<input type="hidden" name="zone" value="<?=htmlspecialchars($cpzone);?>" />
<?php endif; ?>
</form>
<?php include("fend.inc"); ?>
diff --git a/usr/local/www/status_captiveportal_expire.php b/usr/local/www/status_captiveportal_expire.php
index 048df4d..48d3f05 100644
--- a/usr/local/www/status_captiveportal_expire.php
+++ b/usr/local/www/status_captiveportal_expire.php
@@ -88,7 +88,7 @@ include("fbegin.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="zone" type="hidden" value="<?=$cpzone;?>">
+ <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>">
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>">
</td>
</tr>
diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php
index 8e7ece7..a0cafbd 100644
--- a/usr/local/www/status_captiveportal_test.php
+++ b/usr/local/www/status_captiveportal_test.php
@@ -90,7 +90,7 @@ include("fbegin.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="zone" type="hidden" value="<?=$cpzone;?>">
+ <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>">
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>">
</td>
</tr>
diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php
index 47da215..f18c9b5 100755
--- a/usr/local/www/status_wireless.php
+++ b/usr/local/www/status_wireless.php
@@ -89,7 +89,7 @@ display_top_tabs($tab_array);
</td></tr>
<tr><td>
<div id="mainarea" class="tabcont">
-<input type="hidden" name="if" id="if" value="<?php echo $if; ?>">
+<input type="hidden" name="if" id="if" value="<?php echo htmlspecialchars($if); ?>">
<b><input type="submit" name="rescanwifi" id="rescanwifi" value="Rescan"></b><br/><br/>
<b><?php echo gettext("Nearby access points or ad-hoc peers"); ?></b>
<table class="tabcont sortable" colspan="3" cellpadding="3" width="100%">
diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php
index da1aef3..a7b1cee 100644
--- a/usr/local/www/system_advanced_sysctl.php
+++ b/usr/local/www/system_advanced_sysctl.php
@@ -50,8 +50,9 @@ if (!is_array($config['sysctl']['item']))
$a_tunable = &$config['sysctl']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -257,7 +258,7 @@ include("head.inc");
<input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" />
<?php if (isset($id) && $a_tunable[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index cbf5ebd..6b5c502 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -44,8 +44,9 @@ require_once("auth.inc");
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['system']['authserver']))
@@ -788,7 +789,7 @@ function select_clicked() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<?php if (isset($id) && $a_server[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index ebbb882..63669e4 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -50,8 +50,9 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
$pgtitle = array(gettext("System"), gettext("Certificate Authority Manager"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
@@ -369,7 +370,7 @@ function method_change() {
<form action="system_camanager.php" method="post" name="iform" id="iform">
<?php if ($act == "edit"): ?>
<input type="hidden" name="edit" value="edit" id="edit" />
- <input type="hidden" name="id" value="<?php echo $id; ?>" id="id" />
+ <input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" />
<input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" />
<?php endif; ?>
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
@@ -577,7 +578,7 @@ function method_change() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $a_ca[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php
index ff422de..c761a75 100644
--- a/usr/local/www/system_certmanager.php
+++ b/usr/local/www/system_certmanager.php
@@ -56,18 +56,21 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
$pgtitle = array(gettext("System"), gettext("Certificate Manager"));
-$userid = $_GET['userid'];
-if (isset($_POST['userid']))
+if (is_numericint($_GET['userid']))
+ $userid = $_GET['userid'];
+if (isset($_POST['userid']) && is_numericint($_POST['userid']))
$userid = $_POST['userid'];
-if (is_numeric($userid)) {
+
+if (isset($userid)) {
$cert_methods["existing"] = gettext("Choose an existing certificate");
if (!is_array($config['system']['user']))
$config['system']['user'] = array();
$a_user =& $config['system']['user'];
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
@@ -975,7 +978,7 @@ function internalca_change() {
<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
<td width="78%" class="vtable">
<?php if (isset($userid) && $a_user): ?>
- <input name="userid" type="hidden" value="<?=$userid;?>" />
+ <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
<?php endif;?>
<select name='certref' class="formselect">
<?php
@@ -1009,7 +1012,7 @@ function internalca_change() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<?php if (isset($id) && $a_cert[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
@@ -1062,7 +1065,7 @@ function internalca_change() {
<?php endif; */ ?>
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
<?php if (isset($id) && $a_cert[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<input name="act" type="hidden" value="csr" />
<?php endif;?>
</td>
diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php
index 6390a9e..0e3f230 100644
--- a/usr/local/www/system_crlmanager.php
+++ b/usr/local/www/system_crlmanager.php
@@ -49,8 +49,9 @@ $crl_methods = array(
"internal" => gettext("Create an internal Certificate Revocation List"),
"existing" => gettext("Import an existing Certificate Revocation List"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
@@ -388,7 +389,7 @@ function method_change() {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $thiscrl): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
@@ -419,7 +420,7 @@ function method_change() {
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<input name="act" type="hidden" value="editimported" />
</td>
</tr>
@@ -637,4 +638,4 @@ method_change();
</script>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index 1656e9a..11a35d2 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -55,13 +55,13 @@ $categories = array('down' => gettext("Member Down"),
'downlatency' => gettext("High Latency"),
'downlosslatency' => gettext("Packet Loss or High Latency"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$id = $_GET['dup'];
-}
if (isset($id) && $a_gateway_groups[$id]) {
$pconfig['name'] = $a_gateway_groups[$id]['name'];
@@ -70,7 +70,7 @@ if (isset($id) && $a_gateway_groups[$id]) {
$pconfig['trigger'] = $a_gateway_groups[$id]['trigger'];
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
if ($_POST) {
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index f28a34d..a3357ef 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -55,13 +55,13 @@ if (!is_array($config['gateways']['gateway_item']))
$a_gateway_item = &$config['gateways']['gateway_item'];
$apinger_default = return_apinger_defaults();
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$id = $_GET['dup'];
-}
if (isset($id) && $a_gateways[$id]) {
$pconfig = array();
@@ -94,7 +94,7 @@ if (isset($id) && $a_gateways[$id]) {
$pconfig['disabled'] = isset($a_gateways[$id]['disabled']);
}
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
unset($id);
unset($pconfig['attribute']);
}
diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php
index f4e0dd0..ac48a35 100644
--- a/usr/local/www/system_groupmanager_addprivs.php
+++ b/usr/local/www/system_groupmanager_addprivs.php
@@ -55,8 +55,9 @@ require("guiconfig.inc");
$pgtitle = array(gettext("System"),gettext("Group manager"),gettext("Add privileges"));
-$groupid = $_GET['groupid'];
-if (isset($_POST['groupid']))
+if (is_numericint($_GET['groupid']))
+ $groupid = $_GET['groupid'];
+if (isset($_POST['groupid']) && is_numericint($_POST['groupid']))
$groupid = $_POST['groupid'];
$a_group = & $config['system']['group'][$groupid];
@@ -224,7 +225,7 @@ function update_description() {
<input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
<?php if (isset($groupid)): ?>
- <input name="groupid" type="hidden" value="<?=$groupid;?>" />
+ <input name="groupid" type="hidden" value="<?=htmlspecialchars($groupid);?>" />
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
index 4fc531e..e6ab87f 100755
--- a/usr/local/www/system_routes_edit.php
+++ b/usr/local/www/system_routes_edit.php
@@ -50,13 +50,13 @@ if (!is_array($config['staticroutes']['route']))
$a_routes = &$config['staticroutes']['route'];
$a_gateways = return_gateways_array(true, true);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$id = $_GET['dup'];
-}
if (isset($id) && $a_routes[$id]) {
list($pconfig['network'],$pconfig['network_subnet']) =
@@ -66,7 +66,7 @@ if (isset($id) && $a_routes[$id]) {
$pconfig['disabled'] = isset($a_routes[$id]['disabled']);
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($id);
if ($_POST) {
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 4754941..a424932 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -53,8 +53,9 @@ require("guiconfig.inc");
// start admin user code
$pgtitle = array(gettext("System"),gettext("User Manager"));
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['system']['user']))
@@ -774,7 +775,7 @@ function sshkeyClicked(obj) {
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<?php if (isset($id) && $a_user[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" />
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php endif;?>
</td>
</tr>
diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php
index 8a69310..ff7cc64 100644
--- a/usr/local/www/system_usermanager_addprivs.php
+++ b/usr/local/www/system_usermanager_addprivs.php
@@ -46,8 +46,9 @@ require("guiconfig.inc");
$pgtitle = array("System","User manager","Add privileges");
-$userid = $_GET['userid'];
-if (isset($_POST['userid']))
+if (is_numericint($_GET['userid']))
+ $userid = $_GET['userid'];
+if (isset($_POST['userid']) && is_numericint($_POST['userid']))
$userid = $_POST['userid'];
$a_user = & $config['system']['user'][$userid];
@@ -195,7 +196,7 @@ function update_description() {
<input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
<?php if (isset($userid)): ?>
- <input name="userid" type="hidden" value="<?=$userid;?>" />
+ <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index a561990..2983954 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -46,8 +46,9 @@ if (!is_array($config['ipsec']['mobilekey'])) {
ipsec_mobilekey_sort();
$a_secret = &$config['ipsec']['mobilekey'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_secret[$id]) {
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index baf761b..d59534e 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -50,17 +50,17 @@ if (!is_array($config['ipsec']['phase2']))
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
-$p1index = $_GET['p1index'];
-if (isset($_POST['p1index']))
+if (is_numericint($_GET['p1index']))
+ $p1index = $_GET['p1index'];
+if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))
$p1index = $_POST['p1index'];
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$p1index = $_GET['dup'];
-}
if (isset($p1index) && $a_phase1[$p1index]) {
// don't copy the ikeid on dup
- if (!isset($_GET['dup']))
+ if (!isset($_GET['dup']) || !is_numericint($_GET['dup']))
$pconfig['ikeid'] = $a_phase1[$p1index]['ikeid'];
$old_ph1ent = $a_phase1[$p1index];
@@ -131,7 +131,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['mobile']=true;
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($p1index);
if ($_POST) {
@@ -866,7 +866,7 @@ function dpdchkbox_change() {
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<?php if (isset($p1index) && $a_phase1[$p1index]): ?>
- <input name="p1index" type="hidden" value="<?=$p1index;?>">
+ <input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>">
<?php endif; ?>
<?php if ($pconfig['mobile']): ?>
<input name="mobile" type="hidden" value="true">
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 9254b6b..79c7ae2 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -51,11 +51,12 @@ if (!is_array($config['ipsec']['phase2']))
$a_phase2 = &$config['ipsec']['phase2'];
-$p2index = $_GET['p2index'];
-if (isset($_POST['p2index']))
+if (is_numericint($_GET['p2index']))
+ $p2index = $_GET['p2index'];
+if (isset($_POST['p2index']) && is_numericint($_GET['p2index']))
$p2index = $_POST['p2index'];
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
$p2index = $_GET['dup'];
if (isset($p2index) && $a_phase2[$p2index])
@@ -99,7 +100,7 @@ else
$pconfig['mobile']=true;
}
-if (isset($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup']))
unset($p2index);
if ($_POST) {
@@ -781,7 +782,7 @@ function change_protocol() {
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<?php if (isset($p2index) && $a_phase2[$p2index]): ?>
- <input name="p2index" type="hidden" value="<?=$p2index;?>">
+ <input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>">
<?php endif; ?>
<?php if ($pconfig['mobile']): ?>
<input name="mobile" type="hidden" value="true">
diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php
index f4ef5f0..1dd0a82 100644
--- a/usr/local/www/vpn_l2tp_users_edit.php
+++ b/usr/local/www/vpn_l2tp_users_edit.php
@@ -59,8 +59,9 @@ if (!is_array($config['l2tp']['user'])) {
}
$a_secret = &$config['l2tp']['user'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_secret[$id]) {
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index 5604b32..ff5c555 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -60,8 +60,9 @@ if (!is_array($config['crl']))
$a_crl =& $config['crl'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -944,7 +945,7 @@ if ($savemsg)
<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
<input name="act" type="hidden" value="<?=$act;?>">
<?php if (isset($id) && $a_client[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php
index 6272eb1..50e63eb 100644
--- a/usr/local/www/vpn_openvpn_csc.php
+++ b/usr/local/www/vpn_openvpn_csc.php
@@ -45,8 +45,9 @@ if (!is_array($config['openvpn']['openvpn-csc']))
$a_csc = &$config['openvpn']['openvpn-csc'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -732,7 +733,7 @@ function netbios_change() {
<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
<input name="act" type="hidden" value="<?=$act;?>">
<?php if (isset($id) && $a_csc[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index aedff32..0ae8421 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -61,8 +61,9 @@ foreach ($a_crl as $cid => $acrl)
if (!isset($acrl['refid']))
unset ($a_crl[$cid]);
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
$act = $_GET['act'];
@@ -1735,7 +1736,7 @@ if ($savemsg)
<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
<input name="act" type="hidden" value="<?=$act;?>">
<?php if (isset($id) && $a_server[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
<?php endif; ?>
</td>
</tr>
diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php
index dfdbf91..662e6ff 100755
--- a/usr/local/www/vpn_pppoe_edit.php
+++ b/usr/local/www/vpn_pppoe_edit.php
@@ -60,8 +60,9 @@ if (!is_array($config['pppoes']['pppoe'])) {
}
$a_pppoes = &$config['pppoes']['pppoe'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_pppoes[$id]) {
diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php
index 24c0063..e32ab9c 100755
--- a/usr/local/www/vpn_pptp_users_edit.php
+++ b/usr/local/www/vpn_pptp_users_edit.php
@@ -56,8 +56,9 @@ if (!is_array($config['pptpd']['user'])) {
}
$a_secret = &$config['pptpd']['user'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (is_numericint($_GET['id']))
+ $id = $_GET['id'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_secret[$id]) {
OpenPOWER on IntegriCloud