author | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:48:15 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-06 11:53:21 -0300 |
commit | 4cc342453cce69fc8da06ff22bbe79aadb7bd4df (patch) | |
tree | 07225d3243c7bdb170bde55d71c6c1f567e33cc6 /usr | |
parent | cbf16c3020be196a8d3798761bda0b545a6bca3d (diff) | |
Add some protection to parameters that come through _GET
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/status_services.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 731b79b..61268d6 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -41,16 +41,20 @@ require_once("guiconfig.inc");
 require_once("service-utils.inc");
 require_once("shortcuts.inc");
-if (!empty($_GET['service'])) {
+$service_name = '';
+if (isset($_GET['service']))
+ $service_name = htmlspecialchars($_GET['service']);
+
+if (!empty($service_name)) {
 switch ($_GET['mode']) {
 case "restartservice":
- $savemsg = service_control_restart($_GET['service'], $_GET);
+ $savemsg = service_control_restart($service_name, $_GET);
 break;
 case "startservice":
- $savemsg = service_control_start($_GET['service'], $_GET);
+ $savemsg = service_control_start($service_name, $_GET);
 break;
 case "stopservice":
- $savemsg = service_control_stop($_GET['service'], $_GET);
+ $savemsg = service_control_stop($service_name, $_GET);
 break;
 }
 sleep(5); |
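Review bot: The second argument to `service_control_restart()`, `service_control_start()` and `service_control_stop()` is still the raw `$_GET` array, so only the service name is treated and every other request parameter reaches those helpers unchanged; they live in service-utils.inc, outside this hunk, so whether they validate those values themselves cannot be confirmed from here. `htmlspecialchars()` is an HTML output encoder rather than input validation: it does not constrain a value that is later used as a service identifier, and it rewrites a legitimate name containing `&` or quotes before the lookup. I would keep the raw string for matching, e.g. `$service_name = (isset($_GET['service']) && is_string($_GET['service'])) ? $_GET['service'] : '';`, reject anything that is not a known service name, and escape only where the name or `$savemsg` is printed. `switch ($_GET['mode'])` is also read without an `isset()` guard. The `if (!empty($service_name))` block continues past the end of the hunk, and since its branches start and stop services from a GET request, it is worth confirming that the page's CSRF protection covers GET, or moving these actions to POST.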