summaryrefslogtreecommitdiffstats
path: root/usr
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-06-06 11:48:15 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-06-06 11:53:21 -0300
commit4cc342453cce69fc8da06ff22bbe79aadb7bd4df (patch)
tree07225d3243c7bdb170bde55d71c6c1f567e33cc6 /usr
parentcbf16c3020be196a8d3798761bda0b545a6bca3d (diff)
downloadpfsense-4cc342453cce69fc8da06ff22bbe79aadb7bd4df.zip
pfsense-4cc342453cce69fc8da06ff22bbe79aadb7bd4df.tar.gz
Add some protection to parameters that come through _GET
Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/www/status_services.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 731b79b..61268d6 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -41,16 +41,20 @@ require_once("guiconfig.inc");
require_once("service-utils.inc");
require_once("shortcuts.inc");
-if (!empty($_GET['service'])) {
+$service_name = '';
+if (isset($_GET['service']))
+ $service_name = htmlspecialchars($_GET['service']);
+
+if (!empty($service_name)) {
switch ($_GET['mode']) {
case "restartservice":
- $savemsg = service_control_restart($_GET['service'], $_GET);
+ $savemsg = service_control_restart($service_name, $_GET);
break;
case "startservice":
- $savemsg = service_control_start($_GET['service'], $_GET);
+ $savemsg = service_control_start($service_name, $_GET);
break;
case "stopservice":
- $savemsg = service_control_stop($_GET['service'], $_GET);
+ $savemsg = service_control_stop($service_name, $_GET);
break;
}
sleep(5);
OpenPOWER on IntegriCloud