diff options
| author | Ermal <eri@pfsense.org> | 2013-01-24 10:09:06 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2013-01-24 10:09:06 +0000 |
| commit | 612230234f2522c2c370a1ed3ffd8bb969b50397 (patch) | |
| tree | ead7df9ea51def0eb5dfa80f195dff8012e23c9a /usr | |
| parent | 0e22dda58ddc010d12126ed6af6589ff76d03043 (diff) | |
| download | pfsense-612230234f2522c2c370a1ed3ffd8bb969b50397.zip pfsense-612230234f2522c2c370a1ed3ffd8bb969b50397.tar.gz | |
Validate before taking the input and do anything with it
Diffstat (limited to 'usr')
| -rwxr-xr-x | usr/local/www/vpn_pppoe.php | 3 | ||||
| -rwxr-xr-x | usr/local/www/vpn_pppoe_edit.php | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php index 03547d9..1b67ef2 100755 --- a/usr/local/www/vpn_pppoe.php +++ b/usr/local/www/vpn_pppoe.php @@ -75,7 +75,8 @@ if ($_GET['act'] == "del") { if ($a_pppoes[$_GET['id']]) { if ("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid") killbypid("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid"); - mwexec("/bin/rm -r {$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid']); + if (is_dir({$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'])) + mwexec("/bin/rm -r {$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid']); unset($a_pppoes[$_GET['id']]); write_config(); header("Location: vpn_pppoe.php"); diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php index 0919904..9afe2f5 100755 --- a/usr/local/www/vpn_pppoe_edit.php +++ b/usr/local/www/vpn_pppoe_edit.php @@ -145,6 +145,9 @@ if ($_POST) { } } + if ($_POST['pppoeid'] && !is_numeric($_POST['pppoeid'])) + $input_errors[] = gettext("Wrong data submitted"); + if (!$input_errors) { $pppoecfg = array(); |
