authorScott Ullrich <sullrich@pfsense.org>2010-11-09 11:38:27 -0500
committerScott Ullrich <sullrich@pfsense.org>2010-11-09 11:38:27 -0500
commit034f08e7dd102c09e60184220927e6c5cba9f10c (patch)
treefc31493bc38958074835e3e344302084e1d652f4 /usr
parentfea098864053dada6741b99444f10d4406ddeee6 (diff)
downloadpfsense-034f08e7dd102c09e60184220927e6c5cba9f10c.zip
pfsense-034f08e7dd102c09e60184220927e6c5cba9f10c.tar.gz
Fix Misc XSS issues
Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/www/diag_dump_states.php8
-rwxr-xr-xusr/local/www/fbegin.inc2
-rwxr-xr-xusr/local/www/status_rrd_graph.php3
3 files changed, 6 insertions, 7 deletions
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index a2009c9..69d8dfd 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -44,8 +44,8 @@ require_once("guiconfig.inc");
/* handle AJAX operations */
if($_GET['action']) {
if($_GET['action'] == "remove") {
- $srcip = $_GET['srcip'];
- $dstip = $_GET['dstip'];
+ $srcip = escapeshellarg($_GET['srcip']);
+ $dstip = escapeshellarg($_GET['dstip']);
if (is_ipaddr($srcip) and is_ipaddr($dstip)) {
$retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
echo htmlentities("|{$srcip}|{$dstip}|{$retval}|");
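Review bot: escapeshellarg() is now applied before is_ipaddr() on the two new assignment lines, so $srcip and $dstip carry the wrapping single quotes when they are validated; is_ipaddr() presumably rejects a quoted address, which would make the remove action never reach mwexec(), and the quotes also double up with the literal `'{$srcip}'` already in the command. Validate the raw values and escape only at the shell boundary: keep `$srcip = $_GET['srcip'];` and `$dstip = $_GET['dstip'];` and change the command to `$retval = mwexec("/sbin/pfctl -k " . escapeshellarg($srcip) . " -k " . escapeshellarg($dstip));`. Because is_ipaddr() gates the branch, the htmlentities() echo on the next line then only ever emits validated addresses. The enclosing if block continues past the end of the hunk.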
@@ -58,7 +58,7 @@ if($_GET['action']) {
/* get our states */
if($_GET['filter']) {
- exec("/sbin/pfctl -s state | grep " . escapeshellarg($_GET['filter']), $states);
+ exec("/sbin/pfctl -s state | grep " . escapeshellarg(htmlspecialchars($_GET['filter'])), $states);
}
else {
exec("/sbin/pfctl -s state", $states);
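Review bot: Wrapping the filter in htmlspecialchars() before escapeshellarg() on the new exec line changes what grep searches for — a filter containing `&`, `<`, `>` or a quote is entity-encoded before it reaches grep and no longer matches the state table — while adding no shell protection beyond what escapeshellarg() already provides. HTML encoding belongs at the output point, not at the command; the line should read `exec("/sbin/pfctl -s state | grep -- " . escapeshellarg($_GET['filter']), $states);`, with `--` so that a filter beginning with `-` is passed to grep as a pattern rather than parsed as an option.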
@@ -135,7 +135,7 @@ include("head.inc");
<td><?=gettext("Current state count:");?> <?=$current_statecount?></td>
<td style="font-weight:bold;" align="right">
<?=gettext("Filter expression:");?>
- <input type="text" name="filter" class="formfld search" value="<?=$_GET['filter'];?>" size="30" />
+ <input type="text" name="filter" class="formfld search" value="<?=htmlspecialchars($_GET['filter']);?>" size="30" />
<input type="submit" class="formbtn" value="<?=gettext("Filter");?>" />
<td>
</tr>
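Review bot: The new value attribute is double-quoted, so htmlspecialchars() with its default flags is sufficient here, but passing ENT_QUOTES makes the escaping independent of the attribute's quoting style if it is later edited: `value="<?=htmlspecialchars($_GET['filter'], ENT_QUOTES);?>"`. This line is the point where the filter is written into HTML, so it is the right place for the encoding rather than the exec() call earlier in the file.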
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index eb1c0aa..12f8428 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -221,7 +221,7 @@ if(! $g['disablehelpmenu']) {
/* NOTICE ACKNOWLEDGE CODE by Erik Kristensen */
if ($_REQUEST['noticeaction'] == 'acknowledge') {
- $notice_id = $_REQUEST['noticeid'];
+ $notice_id = htmlspecialchars($_REQUEST['noticeid']);
close_notice($notice_id);
}
/**********************************************/
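Review bot: Passing $_REQUEST['noticeid'] through htmlspecialchars() before close_notice() does not address an XSS sink — close_notice() presumably consumes the id as a lookup key rather than rendering it, so the encoding only alters the id (any `&`, `<`, `>` or `"` becomes an entity) and may stop a legitimate notice from matching. If the id is reflected into a page somewhere, the HTML encoding belongs at that echo; here the input should instead be validated against the expected id format before the call, e.g. `if (is_numeric($_REQUEST['noticeid'])) close_notice($_REQUEST['noticeid']);` if notice ids are numeric, which close_notice()'s definition (outside this hunk) would confirm.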
diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php
index b4f6911..48f5734 100755
--- a/usr/local/www/status_rrd_graph.php
+++ b/usr/local/www/status_rrd_graph.php
@@ -54,7 +54,7 @@ $databases = glob("*.rrd");
if ($_GET['cat']) {
- $curcat = $_GET['cat'];
+ $curcat = htmlspecialchars($_GET['cat']);
} else {
if(! empty($config['rrd']['category'])) {
$curcat = $config['rrd']['category'];
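Review bot: htmlspecialchars() on $_GET['cat'] at the new assignment line is input-side encoding of a value that, judging by the `$databases = glob("*.rrd")` context in the hunk header and the fallback to $config['rrd']['category'], is used to select which RRD category is displayed rather than only echoed; entity-encoding does not constrain it to a known category and would alter any later comparisons against the config value. Prefer accepting only known values, e.g. `$curcat = in_array($_GET['cat'], $known_categories, true) ? $_GET['cat'] : $config['rrd']['category'];` where `$known_categories` stands for the category list this page already builds (placeholder name), and apply htmlspecialchars() where $curcat is written into the HTML. The code that consumes $curcat lies outside this hunk, so confirm the category set there.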
@@ -281,7 +281,6 @@ function get_dates($curperiod, $graph) {
return $dates;
}
-
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>