author | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:35:57 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-03-12 11:42:49 -0300 |
commit | e41ec5848f21015068255c1d61d01edf442e8e7e (patch) | |
tree | 45c3214c1e3d638dbacb217cd3de95fb4aa6e770 /usr | |
parent | 49f3f28fea92114b09d3b2d8103398c4adcb3635 (diff) | |
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integers; also pass them through htmlspecialchars() before printing
Diffstat (limited to 'usr')
66 files changed, 232 insertions, 192 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index e5702f2..94ba206 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -92,8 +92,9 @@ function alias_same_type($name, $type) { return true; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_aliases[$id]) { diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 80587fd..15bfce2 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['nat']['onetoone'])) $a_1to1 = &$config['nat']['onetoone']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $after = $_GET['after']; diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index d9c3cc0..811d451 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -56,16 +56,17 @@ if (!is_array($config['nat']['rule'])) { } $a_nat = &$config['nat']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { $id = $_GET['dup']; $after = $_GET['dup']; } 
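Review bot: In the firewall_nat_edit.php hunk the POST branch for `after` validates the wrong superglobal: `if (isset($_POST['after']) && is_numericint($_GET['after']))` checks `$_GET['after']` but then assigns `$_POST['after']`. A POST value is therefore taken unchecked whenever the query string carries a numeric `after`, and a valid POST value is dropped when the query string has none. The condition should read `if (isset($_POST['after']) && is_numericint($_POST['after']))`, matching the `id` check two lines above it. The same line appears in the firewall_nat_out_edit.php and firewall_rules_edit.php hunks of this commit.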
@@ -105,7 +106,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['srcendport'] = "any"; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); /* run through $_POST items encoding HTML entties so that the user @@ -804,7 +805,7 @@ include("fbegin.inc"); ?> </select> </td> </tr> - <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?> + <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> <tr name="assoctable" id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> @@ -835,7 +836,7 @@ include("fbegin.inc"); ?> </td> </tr> <?php endif; ?> - <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?> + <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> <tr name="assoctable" id="assoctable"> <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php index ace491d..87ccacb 100644 --- a/usr/local/www/firewall_nat_npt_edit.php +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -69,8 +69,9 @@ if (!is_array($config['nat']['npt'])) { } $a_npt = &$config['nat']['npt']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_npt[$id]) { diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 5e113a5..1d2e79d 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php 
@@ -58,19 +58,19 @@ if (!is_array($config['aliases']['alias'])) $config['aliases']['alias'] = array(); $a_aliases = &$config['aliases']['alias']; -$id = $_GET['id']; -if (isset($_POST['id'])) { +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -} - -$after = $_GET['after']; -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_out[$id]) { @@ -110,9 +110,8 @@ if (isset($id) && $a_out[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); -} if ($_POST) { if ($_POST['destination_type'] == "any") { diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 47bee3b..769c540 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -81,18 +81,19 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -$id = $_GET['id']; -if (is_numeric($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -$after = $_GET['after']; - -if (isset($_POST['after'])) +if (is_numericint($_GET['after'])) + $after = $_GET['after']; +if (isset($_POST['after']) && is_numericint($_GET['after'])) $after = $_POST['after']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { 
@@ -203,7 +204,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; $pconfig['tracker'] = $a_filter[$id]['tracker']; @@ -219,7 +220,7 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); read_altq_config(); /* XXX: */ diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php index f430682..5cc6870 100644 --- a/usr/local/www/firewall_schedule_edit.php +++ b/usr/local/www/firewall_schedule_edit.php @@ -74,9 +74,9 @@ if (!is_array($config['schedules']['schedule'])) $a_schedules = &$config['schedules']['schedule']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_schedules[$id]) { diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index b081c46..7d17938 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -190,7 +190,7 @@ if ($_GET['act'] == "del") { exit; } } -} else if ($_GET['changes'] == "mods") +} else if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) $id = $_GET['id']; $pgtitle = array(gettext("Firewall"),gettext("Virtual IP Addresses")); 
@@ -222,7 +222,7 @@ include("head.inc"); ?> </td></tr> <tr> - <td><input type="hidden" id="id" name="id" value="<?php echo $id; ?>" /></td> + <td><input type="hidden" id="id" name="id" value="<?php echo htmlspecialchars($id); ?>" /></td> </tr> <tr> <td> diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 4fbaa65..3a9fe94 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -58,10 +58,10 @@ if (!is_array($config['virtualip']['vip'])) { } $a_vip = &$config['virtualip']['vip']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; function return_first_two_octets($ip) { $ip_split = explode(".", $ip); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index de9f69f..244f7e8 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -3291,7 +3291,7 @@ $types6 = array("none" => gettext("None"), "staticv6" => gettext("Static IPv6"), <br/> <input id="save" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> - <input name="if" type="hidden" id="if" value="<?=$if;?>" /> + <input name="if" type="hidden" id="if" value="<?=htmlspecialchars($if);?>" /> <?php if ($wancfg['if'] == $a_ppps[$pppid]['if']) : ?> <input name="ppp_port" type="hidden" value="<?=htmlspecialchars($pconfig['port']);?>" /> <?php endif; ?> diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 36a9b1a..6b1ff3c 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php 
@@ -51,8 +51,9 @@ foreach ($ifacelist as $bif => $bdescr) { unset($ifacelist[$bif]); } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_bridges[$id]) { diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index 5d091ca..464d980 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -45,9 +45,9 @@ if (!is_array($config['gifs']['gif'])) $a_gifs = &$config['gifs']['gif']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gifs[$id]) { diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index bd3e420..56f72b9 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php @@ -46,9 +46,9 @@ if (!is_array($config['gres']['gre'])) $a_gres = &$config['gres']['gre']; - -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_gres[$id]) { diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 09053c7..77812dd 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -49,9 +49,9 @@ if (!is_array($config['ifgroups']['ifgroupentry'])) $a_ifgroups = &$config['ifgroups']['ifgroupentry']; -if (isset($_GET['id'])) +if (is_numericint($_GET['id'])) $id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ifgroups[$id]) { 
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index a830172..fb4758b 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -64,8 +64,9 @@ foreach ($checklist as $tmpif) $laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin"); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_laggs[$id]) { diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php index 353b4b5..48df691 100644 --- a/usr/local/www/interfaces_ppps_edit.php +++ b/usr/local/www/interfaces_ppps_edit.php @@ -64,8 +64,9 @@ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { } } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_ppps[$id]) { diff --git a/usr/local/www/interfaces_qinq_edit.php b/usr/local/www/interfaces_qinq_edit.php index 242b26d..93d98c4 100755 --- a/usr/local/www/interfaces_qinq_edit.php +++ b/usr/local/www/interfaces_qinq_edit.php @@ -59,8 +59,9 @@ if (count($portlist) < 1) { exit; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_qinqs[$id]) { diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index acd78e2..a93b687 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php 
@@ -54,8 +54,9 @@ if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) { $portlist[$lagg['laggif']] = $lagg; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_vlans[$id]) { diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php index b34f266..67aefaa 100644 --- a/usr/local/www/interfaces_wireless_edit.php +++ b/usr/local/www/interfaces_wireless_edit.php @@ -65,8 +65,9 @@ function clone_compare($a, $b) { $portlist = get_interface_list(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_clones[$id]) { diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php index 1a4206c..7df311e 100755 --- a/usr/local/www/load_balancer_monitor_edit.php +++ b/usr/local/www/load_balancer_monitor_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['monitor_type'])) { } $a_monitor = &$config['load_balancer']['monitor_type']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_monitor[$id]) { $pconfig['name'] = $a_monitor[$id]['name']; diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index 13a114a..29f7f19 100755 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php 
@@ -48,10 +48,10 @@ if (!is_array($config['load_balancer']['lbpool'])) { } $a_pool = &$config['load_balancer']['lbpool']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_pool[$id]) { $pconfig['name'] = $a_pool[$id]['name']; diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php index edbea87..51f5245 100755 --- a/usr/local/www/load_balancer_relay_action_edit.php +++ b/usr/local/www/load_balancer_relay_action_edit.php @@ -45,10 +45,10 @@ if (!is_array($config['load_balancer']['lbaction'])) { } $a_action = &$config['load_balancer']['lbaction']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_action[$id]) { $pconfig = array(); diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php index 387d00d..c2593a6 100755 --- a/usr/local/www/load_balancer_relay_protocol_edit.php +++ b/usr/local/www/load_balancer_relay_protocol_edit.php @@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['lbprotocol'])) { } $a_protocol = &$config['load_balancer']['lbprotocol']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_protocol[$id]) { $pconfig = $a_protocol[$id]; diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index db7a49f..a326370 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php 
@@ -46,10 +46,10 @@ if (!is_array($config['load_balancer']['virtual_server'])) { } $a_vs = &$config['load_balancer']['virtual_server']; -if (isset($_POST['id'])) - $id = $_POST['id']; -else +if (is_numericint($_GET['id'])) $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_vs[$id]) { $pconfig = $a_vs[$id]; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 3bf53f7..ade0b8f 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -1061,7 +1061,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <?php echo "<input name='zone' id='zone' type='hidden' value='{$cpzone}'/>"; ?> + <?php echo "<input name='zone' id='zone' type='hidden' value='" . htmlspecialchars($cpzone) . "'/>"; ?> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true)"> <a href="services_captiveportal_zones.php"><input name="Cancel" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onClick="enable_change(true)"></a> </td> diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php index 0b81d23..34d87a6 100755 --- a/usr/local/www/services_captiveportal_filemanager.php +++ b/usr/local/www/services_captiveportal_filemanager.php 
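Review bot: In the services_captiveportal.php hunk the escaped value lands in a single-quoted attribute (`value='" . htmlspecialchars($cpzone) . "'`), and htmlspecialchars() without a flags argument leaves `'` unescaped on PHP versions whose default is ENT_COMPAT (before 8.1), so a single quote in the zone name would still close the attribute. Pass the flag explicitly, `htmlspecialchars($cpzone, ENT_QUOTES)`, or write the attribute with double quotes as the other zone inputs touched by this commit do. Where $cpzone is assigned lies outside the hunk, so whether it is already restricted to quote-free characters cannot be confirmed from here.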
@@ -138,7 +138,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_filemanager.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($input_errors) print_input_errors($input_errors); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index d23f0e8..2d1fba1 100755 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -98,7 +98,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_hostname.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index cf01f18..707473c 100755 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -72,8 +72,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['allowedhostname'])) 
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 3465d07..ab5f965 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -93,7 +93,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_ip.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td class="tabnavtbl"> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index f91d680..0ecef07 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -73,8 +73,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index e636f7b..2d66ab5 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php 
@@ -143,7 +143,7 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <form action="services_captiveportal_mac.php" method="post"> -<input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>"/> +<input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>"/> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (is_subsystem_dirty('passthrumac')): ?><p> <?php print_info_box_np(gettext("The captive portal MAC address configuration has been changed.<br>You must apply the changes in order for them to take effect."));?><br> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index e03454d..7302c23 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -73,8 +73,9 @@ if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp =& $config['captiveportal']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($a_cp[$cpzone]['passthrumac'])) diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index cef0078..1decac5 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php 
@@ -629,7 +629,7 @@ function enable_change(enable_change) { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> + <input type="hidden" name="zone" id="zone" value="<?=htmlspecialchars($cpzone);?>" /> <input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" /> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true); before_save();"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php index bddb389..79e6001 100644 --- a/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/usr/local/www/services_captiveportal_vouchers_edit.php @@ -67,8 +67,9 @@ if (!is_array($config['voucher'][$cpzone]['roll'])) { } $a_roll = &$config['voucher'][$cpzone]['roll']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_roll[$id]) { diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index d7ade1c..5f9767c 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -86,8 +86,9 @@ $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dhcpv6_edit.php b/usr/local/www/services_dhcpv6_edit.php index 32ac04a..40f71ca 100644 --- a/usr/local/www/services_dhcpv6_edit.php +++ b/usr/local/www/services_dhcpv6_edit.php 
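Review bot: In the services_captiveportal_vouchers.php hunk the `exponent` hidden input directly below the changed line still prints its value raw, `value="<?=$pconfig['exponent'];?>"`, while the `zone` input next to it is now escaped. For consistency with the purpose of this commit it should become `value="<?=htmlspecialchars($pconfig['exponent']);?>"`. The `refid` input beside the escaped `id` in the system_camanager.php hunk (`<?php echo $pconfig['refid']; ?>`) is in the same state. How $pconfig is populated is outside these hunks, so whether either value can carry request data is not visible here.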
@@ -82,8 +82,9 @@ $ifcfgipv6 = get_interface_ipv6($if); $ifcfgsnv6 = get_interface_subnetv6($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_maps[$id]) { diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php index 8d0fce8..1e595da 100755 --- a/usr/local/www/services_dnsmasq_domainoverride_edit.php +++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php @@ -45,9 +45,10 @@ if (!is_array($config['dnsmasq']['domainoverrides'])) { } $a_domainOverrides = &$config['dnsmasq']['domainoverrides']; -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; if (isset($id) && $a_domainOverrides[$id]) { $pconfig['domain'] = $a_domainOverrides[$id]['domain']; diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php index c56f759..4efeafd 100755 --- a/usr/local/www/services_dnsmasq_edit.php +++ b/usr/local/www/services_dnsmasq_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['dnsmasq']['hosts'])) $a_hosts = &$config['dnsmasq']['hosts']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_hosts[$id]) { diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php index 67da1ad..0284988 100644 --- a/usr/local/www/services_dyndns_edit.php +++ b/usr/local/www/services_dyndns_edit.php 
@@ -56,8 +56,9 @@ if (!is_array($config['dyndnses']['dyndns'])) { $a_dyndns = &$config['dyndnses']['dyndns']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_dyndns[$id])) { diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php index 92fb71b..9d5fda5 100755 --- a/usr/local/www/services_igmpproxy_edit.php +++ b/usr/local/www/services_igmpproxy_edit.php @@ -53,8 +53,9 @@ if (!is_array($config['igmpproxy']['igmpentry'])) //igmpproxy_sort(); $a_igmpproxy = &$config['igmpproxy']['igmpentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_igmpproxy[$id]) { diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index d2bf4a3..44b2422 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -37,8 +37,9 @@ if (!is_array($config['dnsupdates']['dnsupdate'])) { $a_rfc2136 = &$config['dnsupdates']['dnsupdate']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && isset($a_rfc2136[$id])) { diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php index c829631..a4cf4ed 100755 --- a/usr/local/www/services_wol_edit.php +++ b/usr/local/www/services_wol_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['wol']['wolentry'])) { } $a_wol = &$config['wol']['wolentry']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_wol[$id]) { 
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index d84e9b2..0acbe89 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -188,7 +188,7 @@ $mac_man = load_mac_manufacturer_table(); <?php endif; ?> <form action="status_captiveportal.php" method="get" style="margin: 14px;"> -<input type="hidden" name="order" value="<?=$_GET['order'];?>" /> +<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>" /> <?php if (!empty($cpzone)): ?> <?php if ($_GET['showact']): ?> <input type="hidden" name="showact" value="0" /> @@ -197,7 +197,7 @@ $mac_man = load_mac_manufacturer_table(); <input type="hidden" name="showact" value="1" /> <input type="submit" class="formbtn" value="<?=gettext("Show last activity");?>" /> <?php endif; ?> -<input type="hidden" name="zone" value="<?=$cpzone;?>" /> +<input type="hidden" name="zone" value="<?=htmlspecialchars($cpzone);?>" /> <?php endif; ?> </form> <?php include("fend.inc"); ?> diff --git a/usr/local/www/status_captiveportal_expire.php b/usr/local/www/status_captiveportal_expire.php index 048df4d..48d3f05 100644 --- a/usr/local/www/status_captiveportal_expire.php +++ b/usr/local/www/status_captiveportal_expire.php @@ -88,7 +88,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php index 8e7ece7..a0cafbd 100644 --- a/usr/local/www/status_captiveportal_test.php +++ b/usr/local/www/status_captiveportal_test.php 
@@ -90,7 +90,7 @@ include("fbegin.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="zone" type="hidden" value="<?=$cpzone;?>"> + <input name="zone" type="hidden" value="<?=htmlspecialchars($cpzone);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Submit"); ?>"> </td> </tr> diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php index 47da215..f18c9b5 100755 --- a/usr/local/www/status_wireless.php +++ b/usr/local/www/status_wireless.php @@ -89,7 +89,7 @@ display_top_tabs($tab_array); </td></tr> <tr><td> <div id="mainarea" class="tabcont"> -<input type="hidden" name="if" id="if" value="<?php echo $if; ?>"> +<input type="hidden" name="if" id="if" value="<?php echo htmlspecialchars($if); ?>"> <b><input type="submit" name="rescanwifi" id="rescanwifi" value="Rescan"></b><br/><br/> <b><?php echo gettext("Nearby access points or ad-hoc peers"); ?></b> <table class="tabcont sortable" colspan="3" cellpadding="3" width="100%"> diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php index da1aef3..a7b1cee 100644 --- a/usr/local/www/system_advanced_sysctl.php +++ b/usr/local/www/system_advanced_sysctl.php @@ -50,8 +50,9 @@ if (!is_array($config['sysctl']['item'])) $a_tunable = &$config['sysctl']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; 
@@ -257,7 +258,7 @@ include("head.inc"); <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> <?php if (isset($id) && $a_tunable[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index cbf5ebd..6b5c502 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -44,8 +44,9 @@ require_once("auth.inc"); $pgtitle = array(gettext("System"), gettext("Authentication Servers")); $shortcut_section = "authentication"; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['authserver'])) @@ -788,7 +789,7 @@ function select_clicked() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index ebbb882..63669e4 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -50,8 +50,9 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Authority Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
@@ -369,7 +370,7 @@ function method_change() { <form action="system_camanager.php" method="post" name="iform" id="iform"> <?php if ($act == "edit"): ?> <input type="hidden" name="edit" value="edit" id="edit" /> - <input type="hidden" name="id" value="<?php echo $id; ?>" id="id" /> + <input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" /> <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" /> <?php endif; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> @@ -577,7 +578,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $a_ca[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index ff422de..c761a75 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -56,18 +56,21 @@ $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Manager")); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; -if (is_numeric($userid)) { + +if (isset($userid)) { $cert_methods["existing"] = gettext("Choose an existing certificate"); if (!is_array($config['system']['user'])) $config['system']['user'] = array(); $a_user =& $config['system']['user']; } -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
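Review bot: The `refid` hidden field directly below the newly escaped `id` in the `act == "edit"` hunk of system_camanager.php still prints `$pconfig['refid']` raw. Where `$pconfig` is filled lies outside this hunk; if it can carry a request value, for instance after a rejected save, it needs the same encoding: `value="<?php echo htmlspecialchars($pconfig['refid']); ?>"`.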
@@ -975,7 +978,7 @@ function internalca_change() { <td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td> <td width="78%" class="vtable"> <?php if (isset($userid) && $a_user): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif;?> <select name='certref' class="formselect"> <?php @@ -1009,7 +1012,7 @@ function internalca_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -1062,7 +1065,7 @@ function internalca_change() { <?php endif; */ ?> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="csr" /> <?php endif;?> </td> diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 6390a9e..0e3f230 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -49,8 +49,9 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['ca'])) 
@@ -388,7 +389,7 @@ function method_change() { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <?php if (isset($id) && $thiscrl): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> @@ -419,7 +420,7 @@ function method_change() { <td width="22%" valign="top"> </td> <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="act" type="hidden" value="editimported" /> </td> </tr> @@ -637,4 +638,4 @@ method_change(); </script> </body> -</html>
\ No newline at end of file +</html> diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index 1656e9a..11a35d2 100755 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -55,13 +55,13 @@ $categories = array('down' => gettext("Member Down"), 'downlatency' => gettext("High Latency"), 'downlosslatency' => gettext("Packet Loss or High Latency")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateway_groups[$id]) { $pconfig['name'] = $a_gateway_groups[$id]['name']; @@ -70,7 +70,7 @@ if (isset($id) && $a_gateway_groups[$id]) { $pconfig['trigger'] = $a_gateway_groups[$id]['trigger']; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index f28a34d..a3357ef 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -55,13 +55,13 @@ if (!is_array($config['gateways']['gateway_item'])) $a_gateway_item = &$config['gateways']['gateway_item']; $apinger_default = return_apinger_defaults(); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_gateways[$id]) { $pconfig = array(); 
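Review bot: The `dup` validation `isset($_GET['dup']) && is_numericint($_GET['dup'])` is written out twice in system_gateway_groups_edit.php, once where `$id` is assigned and again in the next hunk before `unset($id)`. The two copies have to stay identical for the duplicate flow to work, so evaluating the check once is safer: `$dup_valid = isset($_GET['dup']) && is_numericint($_GET['dup']);` and then `if ($dup_valid)` at both places. system_gateways_edit.php and system_routes_edit.php repeat the condition in the same way.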
@@ -94,7 +94,7 @@ if (isset($id) && $a_gateways[$id]) { $pconfig['disabled'] = isset($a_gateways[$id]['disabled']); } -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); unset($pconfig['attribute']); } diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php index f4e0dd0..ac48a35 100644 --- a/usr/local/www/system_groupmanager_addprivs.php +++ b/usr/local/www/system_groupmanager_addprivs.php @@ -55,8 +55,9 @@ require("guiconfig.inc"); $pgtitle = array(gettext("System"),gettext("Group manager"),gettext("Add privileges")); -$groupid = $_GET['groupid']; -if (isset($_POST['groupid'])) +if (is_numericint($_GET['groupid'])) + $groupid = $_GET['groupid']; +if (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) $groupid = $_POST['groupid']; $a_group = & $config['system']['group'][$groupid]; @@ -224,7 +225,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($groupid)): ?> - <input name="groupid" type="hidden" value="<?=$groupid;?>" /> + <input name="groupid" type="hidden" value="<?=htmlspecialchars($groupid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index 4fc531e..e6ab87f 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php 
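Review bot: In system_groupmanager_addprivs.php `$groupid` is now left undefined when neither request value passes `is_numericint()`, yet the context line `$a_group = & $config['system']['group'][$groupid];` still runs unconditionally. Taking a reference through a missing index makes PHP create that element, so a request with an invalid `groupid` would add an empty entry to the in-memory group list. Whether that entry is later written out is not visible here. The page should stop before the reference when `isset($groupid)` is false, for example by guarding it with `if (!isset($groupid)) exit;` or a redirect. system_usermanager_addprivs.php has the same shape with `$userid`.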
@@ -50,13 +50,13 @@ if (!is_array($config['staticroutes']['route'])) $a_routes = &$config['staticroutes']['route']; $a_gateways = return_gateways_array(true, true); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $id = $_GET['dup']; -} if (isset($id) && $a_routes[$id]) { list($pconfig['network'],$pconfig['network_subnet']) = @@ -66,7 +66,7 @@ if (isset($id) && $a_routes[$id]) { $pconfig['disabled'] = isset($a_routes[$id]['disabled']); } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($id); if ($_POST) { diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 4754941..a424932 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -53,8 +53,9 @@ require("guiconfig.inc"); // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['user'])) @@ -774,7 +775,7 @@ function sshkeyClicked(obj) { <td width="78%"> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif;?> </td> </tr> diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php index 8a69310..ff7cc64 100644 --- a/usr/local/www/system_usermanager_addprivs.php +++ b/usr/local/www/system_usermanager_addprivs.php 
@@ -46,8 +46,9 @@ require("guiconfig.inc"); $pgtitle = array("System","User manager","Add privileges"); -$userid = $_GET['userid']; -if (isset($_POST['userid'])) +if (is_numericint($_GET['userid'])) + $userid = $_GET['userid']; +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) $userid = $_POST['userid']; $a_user = & $config['system']['user'][$userid]; @@ -195,7 +196,7 @@ function update_description() { <input id="submitt" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" /> <?php if (isset($userid)): ?> - <input name="userid" type="hidden" value="<?=$userid;?>" /> + <input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" /> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php index a561990..2983954 100644 --- a/usr/local/www/vpn_ipsec_keys_edit.php +++ b/usr/local/www/vpn_ipsec_keys_edit.php @@ -46,8 +46,9 @@ if (!is_array($config['ipsec']['mobilekey'])) { ipsec_mobilekey_sort(); $a_secret = &$config['ipsec']['mobilekey']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index baf761b..d59534e 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php 
@@ -50,17 +50,17 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase1 = &$config['ipsec']['phase1']; $a_phase2 = &$config['ipsec']['phase2']; -$p1index = $_GET['p1index']; -if (isset($_POST['p1index'])) +if (is_numericint($_GET['p1index'])) + $p1index = $_GET['p1index']; +if (isset($_POST['p1index']) && is_numericint($_GET['p1index'])) $p1index = $_POST['p1index']; -if (isset($_GET['dup'])) { +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p1index = $_GET['dup']; -} if (isset($p1index) && $a_phase1[$p1index]) { // don't copy the ikeid on dup - if (!isset($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['ikeid'] = $a_phase1[$p1index]['ikeid']; $old_ph1ent = $a_phase1[$p1index]; @@ -131,7 +131,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p1index); if ($_POST) { @@ -866,7 +866,7 @@ function dpdchkbox_change() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p1index) && $a_phase1[$p1index]): ?> - <input name="p1index" type="hidden" value="<?=$p1index;?>"> + <input name="p1index" type="hidden" value="<?=htmlspecialchars($p1index);?>"> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 9254b6b..79c7ae2 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php 
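Review bot: The POST branch for `p1index` in vpn_ipsec_phase1.php validates the wrong superglobal: `if (isset($_POST['p1index']) && is_numericint($_GET['p1index']))` checks the GET value and then assigns `$_POST['p1index']` unchecked. A form post without `p1index` in the query string therefore loses the index. When the query string does carry a numeric value, the POST value reaches the `$a_phase1[$p1index]` lookup without any integer check. The condition should read `if (isset($_POST['p1index']) && is_numericint($_POST['p1index']))`. vpn_ipsec_phase2.php has the same slip for `p2index`.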
@@ -51,11 +51,12 @@ if (!is_array($config['ipsec']['phase2'])) $a_phase2 = &$config['ipsec']['phase2']; -$p2index = $_GET['p2index']; -if (isset($_POST['p2index'])) +if (is_numericint($_GET['p2index'])) + $p2index = $_GET['p2index']; +if (isset($_POST['p2index']) && is_numericint($_GET['p2index'])) $p2index = $_POST['p2index']; -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) $p2index = $_GET['dup']; if (isset($p2index) && $a_phase2[$p2index]) @@ -99,7 +100,7 @@ else $pconfig['mobile']=true; } -if (isset($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) unset($p2index); if ($_POST) { @@ -781,7 +782,7 @@ function change_protocol() { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($p2index) && $a_phase2[$p2index]): ?> - <input name="p2index" type="hidden" value="<?=$p2index;?>"> + <input name="p2index" type="hidden" value="<?=htmlspecialchars($p2index);?>"> <?php endif; ?> <?php if ($pconfig['mobile']): ?> <input name="mobile" type="hidden" value="true"> diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php index f4ef5f0..1dd0a82 100644 --- a/usr/local/www/vpn_l2tp_users_edit.php +++ b/usr/local/www/vpn_l2tp_users_edit.php @@ -59,8 +59,9 @@ if (!is_array($config['l2tp']['user'])) { } $a_secret = &$config['l2tp']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 5604b32..ff5c555 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php 
@@ -60,8 +60,9 @@ if (!is_array($config['crl'])) $a_crl =& $config['crl']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -944,7 +945,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input name="act" type="hidden" value="<?=$act;?>"> <?php if (isset($id) && $a_client[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index 6272eb1..50e63eb 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php @@ -45,8 +45,9 @@ if (!is_array($config['openvpn']['openvpn-csc'])) $a_csc = &$config['openvpn']['openvpn-csc']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -732,7 +733,7 @@ function netbios_change() { <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input name="act" type="hidden" value="<?=$act;?>"> <?php if (isset($id) && $a_csc[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index aedff32..0ae8421 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php 
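Review bot: The `act` hidden field one line above the newly escaped `id` in vpn_openvpn_client.php is still emitted as `<?=$act;?>`, and the first hunk of this file shows `$act = $_GET['act'];` taken straight from the request. Unless `$act` is constrained somewhere outside these hunks, it should be encoded the same way as `id`: `<input name="act" type="hidden" value="<?=htmlspecialchars($act);?>">`. vpn_openvpn_csc.php and vpn_openvpn_server.php carry the same unescaped line next to their `id` fix.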
@@ -61,8 +61,9 @@ foreach ($a_crl as $cid => $acrl) if (!isset($acrl['refid'])) unset ($a_crl[$cid]); -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; $act = $_GET['act']; @@ -1735,7 +1736,7 @@ if ($savemsg) <input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input name="act" type="hidden" value="<?=$act;?>"> <?php if (isset($id) && $a_server[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> </td> </tr> diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php index dfdbf91..662e6ff 100755 --- a/usr/local/www/vpn_pppoe_edit.php +++ b/usr/local/www/vpn_pppoe_edit.php @@ -60,8 +60,9 @@ if (!is_array($config['pppoes']['pppoe'])) { } $a_pppoes = &$config['pppoes']['pppoe']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_pppoes[$id]) { diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index 24c0063..e32ab9c 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php @@ -56,8 +56,9 @@ if (!is_array($config['pptpd']['user'])) { } $a_secret = &$config['pptpd']['user']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (is_numericint($_GET['id'])) + $id = $_GET['id']; +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_secret[$id]) { |