author | Ermal <eri@pfsense.org> | 2012-11-20 09:19:47 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-20 09:19:47 +0000 |
commit | 36f509579fd40903299477ffd4a4900e57786d73 (patch) | |
tree | 9eb73433241f585fb5f6bf326c56a16e354a7e78 /usr | |
parent | 1e5eedbbb5a2ff2a28fb221daba9e40c4c88a4d9 (diff) | |
download | pfsense-36f509579fd40903299477ffd4a4900e57786d73.zip pfsense-36f509579fd40903299477ffd4a4900e57786d73.tar.gz |
Allow only post action and not get to avoid security problems
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/edit.php | 27 |
1 files changed, 12 insertions, 15 deletions
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index 56088b4..a87dfa4 100644
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -36,46 +36,43 @@
 ##|*MATCH=edit.php*
 ##|-PRIV
-if($_REQUEST['action'] === "load" || $_REQUEST['action'] === "save")
- $nocsrf = true;
-
 $pgtitle = array(gettext("Diagnostics"), gettext("Edit file"));
 require("guiconfig.inc");
-if($_REQUEST['action']) {
- switch($_REQUEST['action']) {
+if($_POST['action']) {
+ switch($_POST['action']) {
 case 'load':
- if(strlen($_REQUEST['file']) < 1) {
+ if(strlen($_POST['file']) < 1) {
 echo "|5|" . gettext("No file name specified") . ".|";
- } elseif(is_dir($_REQUEST['file'])) {
+ } elseif(is_dir($_POST['file'])) {
 echo "|4|" . gettext("Loading a directory is not supported") . ".|";
- } elseif(! is_file($_REQUEST['file'])) {
+ } elseif(! is_file($_POST['file'])) {
 echo "|3|" . gettext("File does not exist or is not a regular file") . ".|";
 } else {
- $data = file_get_contents(urldecode($_REQUEST['file']));
+ $data = file_get_contents(urldecode($_POST['file']));
 if($data === false) {
 echo "|1|" . gettext("Failed to read file") . ".|";
 } else {
- echo "|0|{$_REQUEST['file']}|{$data}|";
+ echo "|0|{$_POST['file']}|{$data}|";
 }
 }
 exit;
 case 'save':
- if(strlen($_REQUEST['file']) < 1) {
+ if(strlen($_POST['file']) < 1) {
 echo "|" . gettext("No file name specified") . ".|";
 } else {
 conf_mount_rw();
- $_REQUEST['data'] = str_replace("\r", "", base64_decode($_REQUEST['data']));
- $ret = file_put_contents($_REQUEST['file'], $_REQUEST['data']);
+ $_POST['data'] = str_replace("\r", "", base64_decode($_POST['data']));
+ $ret = file_put_contents($_POST['file'], $_POST['data']);
 conf_mount_ro();
- if($_REQUEST['file'] == "/conf/config.xml" || $_REQUEST['file'] == "/cf/conf/config.xml") {
+ if($_POST['file'] == "/conf/config.xml" || $_POST['file'] == "/cf/conf/config.xml") {
 if(file_exists("/tmp/config.cache"))
 unlink("/tmp/config.cache");
 disable_security_checks();
 }
 if($ret === false) {
 echo "|" . gettext("Failed to write file") . ".|";
- } elseif($ret <> strlen($_REQUEST['data'])) {
+ } elseif($ret <> strlen($_POST['data'])) {
 echo "|" . gettext("Error while writing file") . ".|";
 } else {
 echo "|" . gettext("File successfully saved") . ".|";