Verify posted kernel type against a defined list of good values.

Discovered-By: Yann CAM

1 files changed, 11 insertions, 5 deletions

diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php
index ea3d446..fff77cd 100755
--- a/usr/local/www/system_firmware.php
+++ b/usr/local/www/system_firmware.php
@@ -51,6 +51,13 @@ require_once("guiconfig.inc");
 
 $curcfg = $config['system']['firmware'];
 
+$kerneltypes = array(
+	'SMP' => gettext("Multiprocessor kernel"),
+	'single' => gettext("Uniprocessor kernel"),
+	'wrap' => gettext("Embedded kernel"),
+	'Developers' => gettext("Developers kernel")
+);
+
 require_once("xmlrpc_client.inc");
 
 /* Allow additional execution time 0 = no limit. */
@@ -115,7 +122,7 @@ if(is_subsystem_dirty('firmwarelock')) {
 if($_POST['backupbeforeupgrade']) 
 	touch("/tmp/perform_full_backup.txt");
 
-if($_POST['kerneltype']) {
+if($_POST['kerneltype'] && in_array($_POST['kerneltype'], array_keys($kerneltypes))) {
 	if($_POST['kerneltype'] == "single") 
 		system("touch /boot/kernel/pfsense_kernel.txt");
 	else 
@@ -281,10 +288,9 @@ if(stristr($_FILES['ulfile']['name'],"nanobsd"))
 						  			if($g['platform'] == "pfSense") { 
 										echo gettext("Please select kernel type") , ": ";
 										echo "<select name='kerneltype'>";
-										echo "<option value='SMP'>" . gettext("Multiprocessor kernel") . "</option>";
-										echo "<option value='single'>". gettext("Uniprocessor kernel") . "</option>";
-										echo "<option value='wrap'>" . gettext("Embedded kernel") . "</option>";
-										echo "<option value='Developers'>" . gettext("Developers kernel") . "</option>";
+										foreach($kerneltypes as $kerntype => $kerndescr) {
+											echo "<option value='{$kerntype}'>{$kerndescr}</option>";
+										}
 										echo "</select>";
 										echo "<br>";
 									}