summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--usr/local/pkg/routed.inc (renamed from usr/local/pkg/routed/routed.inc)0
-rw-r--r--usr/local/pkg/routed.xml (renamed from usr/local/pkg/routed/routed.xml)0
-rwxr-xr-xusr/local/www/fbegin.inc2
-rwxr-xr-xusr/local/www/pkg.php6
-rwxr-xr-xusr/local/www/pkg_edit.php6
5 files changed, 12 insertions, 2 deletions
diff --git a/usr/local/pkg/routed/routed.inc b/usr/local/pkg/routed.inc
index 2d4f6d1..2d4f6d1 100644
--- a/usr/local/pkg/routed/routed.inc
+++ b/usr/local/pkg/routed.inc
diff --git a/usr/local/pkg/routed/routed.xml b/usr/local/pkg/routed.xml
index e284010..e284010 100644
--- a/usr/local/pkg/routed/routed.xml
+++ b/usr/local/pkg/routed.xml
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 11598fa..eb1c0aa 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -124,7 +124,7 @@ $services_menu[] = array("IGMP proxy", "/services_igmpproxy.php");
$services_menu[] = array("Load Balancer", "/load_balancer_pool.php");
$services_menu[] = array("OLSR", "/pkg_edit.php?xml=olsrd.xml&id=0");
$services_menu[] = array("PPPoE Server", "/vpn_pppoe.php");
-$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed/routed.xml&id=0");
+$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed.xml&id=0");
$services_menu[] = array("SNMP", "/services_snmp.php");
if(count($config['interfaces']) > 1) {
/* no use for UPnP in single-interface deployments
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index e77f38a..5e4a65f 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -45,7 +45,7 @@ function gentitle_pkg($pgname) {
return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;
}
-$xml = htmlspecialchars($_REQUEST['xml']);
+$xml = $_REQUEST['xml'];
if($xml == "") {
print_info_box_np(gettext("ERROR: No package defined."));
@@ -53,6 +53,10 @@ if($xml == "") {
} else {
if(file_exists("/usr/local/pkg/" . $xml))
$pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
+ else {
+ echo "File not found " . htmlspecialchars($xml);
+ exit;
+ }
}
if($pkg['donotsave'] <> "") {
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index f9cac9d..1f2b7d4 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -83,6 +83,12 @@ $pgtitle = $title;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = htmlspecialchars($_POST['id']);
+
+if(!is_numeric($id)) {
+ Header("Location: /");
+ exit;
+}
+
// Not posting? Then user is editing a record. There must be a valid id
// when editing a record.
OpenPOWER on IntegriCloud