-rw-r--r-- | usr/local/pkg/routed.inc (renamed from usr/local/pkg/routed/routed.inc) | 0 | ||||
-rw-r--r-- | usr/local/pkg/routed.xml (renamed from usr/local/pkg/routed/routed.xml) | 0 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 2 | ||||
-rwxr-xr-x | usr/local/www/pkg.php | 6 | ||||
-rwxr-xr-x | usr/local/www/pkg_edit.php | 6 |
5 files changed, 12 insertions, 2 deletions
diff --git a/usr/local/pkg/routed/routed.inc b/usr/local/pkg/routed.inc
index 2d4f6d1..2d4f6d1 100644
--- a/usr/local/pkg/routed/routed.inc
+++ b/usr/local/pkg/routed.inc
diff --git a/usr/local/pkg/routed/routed.xml b/usr/local/pkg/routed.xml
index e284010..e284010 100644
--- a/usr/local/pkg/routed/routed.xml
+++ b/usr/local/pkg/routed.xml
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 11598fa..eb1c0aa 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -124,7 +124,7 @@ $services_menu[] = array("IGMP proxy", "/services_igmpproxy.php");
 $services_menu[] = array("Load Balancer", "/load_balancer_pool.php");
 $services_menu[] = array("OLSR", "/pkg_edit.php?xml=olsrd.xml&id=0");
 $services_menu[] = array("PPPoE Server", "/vpn_pppoe.php");
-$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed/routed.xml&id=0");
+$services_menu[] = array("RIP", "/pkg_edit.php?xml=routed.xml&id=0");
 $services_menu[] = array("SNMP", "/services_snmp.php");
 if(count($config['interfaces']) > 1) {
 /* no use for UPnP in single-interface deployments
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index e77f38a..5e4a65f 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -45,7 +45,7 @@ function gentitle_pkg($pgname) {
 return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;
 }
-$xml = htmlspecialchars($_REQUEST['xml']);
+$xml = $_REQUEST['xml'];
 if($xml == "") {
 print_info_box_np(gettext("ERROR: No package defined."));
@@ -53,6 +53,10 @@ if($xml == "") {
 } else {
 if(file_exists("/usr/local/pkg/" . $xml))
 $pkg = parse_xml_config_pkg("/usr/local/pkg/" . $xml, "packagegui");
+ else {
+ echo "File not found " . htmlspecialchars($xml);
+ exit;
+ }
 }
 if($pkg['donotsave'] <> "") {
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index f9cac9d..1f2b7d4 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
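Review bot: With `htmlspecialchars()` removed from the assignment in pkg.php, `$xml` now holds the raw request value for the rest of the script, so every place that prints it needs its own escaping. The new not-found branch does that, but the remainder of pkg.php is outside this hunk; any later output of `$xml` (links, form fields, titles) should be checked and wrapped as `htmlspecialchars($xml)`. A comment at the assignment such as `// raw request value: escape on output, validate before filesystem use` would make that contract explicit.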
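Review bot: The `file_exists()` and `parse_xml_config_pkg()` calls in the second pkg.php hunk build the path as `"/usr/local/pkg/" . $xml` straight from the request parameter, with nothing that keeps it inside that directory, so a value containing `../` resolves elsewhere on the filesystem. Since this commit moves routed.xml out of its subdirectory, package definitions appear to live directly in /usr/local/pkg; if that holds for all packages, `$xml = basename($_REQUEST['xml']);` at the assignment would confine the lookup. pkg_edit.php takes the same `xml` parameter according to the fbegin.inc menu entries, and its handling is not visible in this diff, so it may need the same check.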
@@ -83,6 +83,12 @@ $pgtitle = $title;
 $id = $_GET['id'];
 if (isset($_POST['id']))
 $id = htmlspecialchars($_POST['id']);
+
+if(!is_numeric($id)) {
+ Header("Location: /");
+ exit;
+}
+
 // Not posting? Then user is editing a record. There must be a valid id
 // when editing a record. |
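Review bot: `is_numeric()` is looser than a record index needs: it accepts signed values, decimals and exponent notation such as `-1`, `1.5` or `1e3`, all of which pass this guard and reach whatever uses `$id` below the hunk. If `$id` is meant to be a non-negative array index, `if(!ctype_digit((string)$id)) {` is the tighter test. Because the guard redirects to `/` without any message, a one-line comment such as `// id must be a plain integer index; anything else is sent back to the site root` would help the next reader.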